[ale] Ouch Damnit. I am a victim of a gpg security attack
Jeremy T. Bouse
jeremy.bouse at undergrid.net
Tue Nov 30 15:58:34 EST 2021
Using the short keyid which is only 32 bits will always be vulnerable to
the hash collision. That's why you need to use the long keyid format when
referencing keys, especially when receiving from the key server.
On Tue, Nov 30, 2021 at 1:51 PM Steve Litt via Ale <ale at ale.org> wrote:
> Charles Shapiro via Ale said on Tue, 30 Nov 2021 12:19:01 -0500
>
>
> >It turns out that someone had figured out a hash collision attack on
> >32-bit key fingerprints back in 2016, then published a list of all
> >the vulnerable fingerprints.
>
> Is there anything I can do to make myself less vulnerable to a hash
> collision attack?
>
> Thanks,
>
>
> SteveT
>
> Steve Litt
> Spring 2021 featured book: Troubleshooting Techniques of the Successful
> Technologist http://www.troubleshooters.com/techniques
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20211130/78d4bb8f/attachment.htm>
More information about the Ale
mailing list