[pkg-gnupg-maint] Bug#826270: gnupg: Defaults to using insecure short key IDs (32 bits)
Gunnar Wolf
gwolf at gwolf.org
Fri Jun 3 19:16:07 UTC 2016
Package: gnupg
Version: 1.4.20-6
Severity: normal

GnuPG defaults to returning short key IDs when listing keys. Short key
IDs are quite vulnerable to collisions, and their use should be
strongly discouraged.

I wrote the following with a progression of attacks; this is all
well-known for years.

http://gwolf.org/node/4070

So, in short: Please add "keyid-format 0xlong" to
/usr/share/gnupg/options.skel

Thanks,

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gnupg depends on:
ii gpgv 1.4.20-6
ii libbz2-1.0 1.0.6-8
ii libc6 2.22-10
ii libreadline6 6.3-8+b4
ii libusb-0.1-4 2:0.1.12-30
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages gnupg recommends:
ii gnupg-curl 1.4.20-6
ii libldap-2.4-2 2.4.42+dfsg-2+b2
Versions of packages gnupg suggests:
pn gnupg-doc <none>
ii imagemagick 8:6.8.9.9-7.1
ii libpcsclite1 1.8.17-1
ii parcimonie 0.10.1-1
-- no debconf information
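
An added example, not part of the original report and not GnuPG code: a keyring audit that reads output in the shape of `gpg --with-colons --fingerprint` and reports which keys share an ID under a given `keyid-format` value. The fingerprints and the listing are constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed v4 fingerprints (40 hex digits). The first two share their
# low 32 bits, so they show the same short key ID in a key listing.
FPRS = ["A" * 24 + "1111222233334444",
        "B" * 24 + "5555666633334444",
        "C" * 24 + "9999AAAABBBBCCCC"]

# Constructed listing in the colon format: one pub and one fpr record per key.
SAMPLE_LISTING = "".join(
    f"pub:-:4096:1:{f[-16:]}:1464980000:::-:::scESC:\n" + "fpr" + ":" * 9 + f + ":\n"
    for f in FPRS)

def fingerprints(listing):
    """Collect fingerprints from 'fpr' records (field 10 of the colon format)."""
    found = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9 and fields[9]:
            found.append(fields[9].upper())
    return found

def key_id(fpr, fmt):
    """Key ID of a v4 key: the low 32 (short) or 64 (long) bits of the fingerprint."""
    digits = {"short": 8, "0xshort": 8, "long": 16, "0xlong": 16}[fmt]
    return ("0x" if fmt.startswith("0x") else "") + fpr[-digits:]

def collisions(fprs, fmt):
    """Return {key ID: [fingerprints]} for every ID shared by more than one key."""
    groups = defaultdict(list)
    for f in fprs:
        groups[key_id(f, fmt)].append(f)
    return {kid: owners for kid, owners in groups.items() if len(owners) > 1}

if __name__ == "__main__":
    fprs = fingerprints(SAMPLE_LISTING)
    for fmt in ("0xshort", "0xlong"):
        hits = collisions(fprs, fmt)
        print(f"keyid-format {fmt}: {len(hits)} ambiguous ID(s)")
        for kid, owners in hits.items():
            print(f"  {kid} is shared by:")
            for f in owners:
                print(f"    {f}")
```

To run it on a real keyring, pass the text of `gpg --with-colons --fingerprint` to `fingerprints()` in place of the sample.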