|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: PGP Signatures security BUG!
From: Steven M. Bellovin (smb
RESEARCH.ATT.COM)Date: Wed Mar 08 2000 - 12:10:39 CST
- Next message: Werner Koch: "Re: PGP Signatures security BUG!"
- Previous message: pedwardWEBCOM.COM: "Realnetworks is trojaning people...again!!!"
- Maybe in reply to: Povl H. Pedersen: "PGP Signatures security BUG!"
- Next in thread: Werner Koch: "Re: PGP Signatures security BUG!"
- Maybe reply: Steven M. Bellovin: "Re: PGP Signatures security BUG!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In message <p04310108b4eabe46523c[130.227.158.132]>, "Povl H. Pedersen" writes
:
>
> It will take a long time to generate a new key with a specific
> fingerprint, but nonetheless, this 'overwriting' and hiding of other
> users IDs in the public PGP servers is bad.
Minor nit -- there's a big difference between a "fingerprint" -- which is the
result of a cryptographic hash on the key, and should *never* collide (and if
it does, you can get lots of attention by showing that the hash function isn't
strong enough) -- and a "key id", which is much shorter.
--Steve Bellovin
- Next message: Werner Koch: "Re: PGP Signatures security BUG!"
- Previous message: pedwardWEBCOM.COM: "Realnetworks is trojaning people...again!!!"
- Maybe in reply to: Povl H. Pedersen: "PGP Signatures security BUG!"
- Next in thread: Werner Koch: "Re: PGP Signatures security BUG!"
- Maybe reply: Steven M. Bellovin: "Re: PGP Signatures security BUG!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]