[pkg-gnupg-maint] Bug#826273: gnupg2: Defaults to using insecure short key IDs (32 bits)
Gunnar Wolf
gwolf at gwolf.org
Fri Jun 3 19:25:36 UTC 2016
Package: gnupg2
Version: 2.1.11-7
Severity: normal
Tags: security

GnuPG2 defaults to returning short key IDs when listing keys. Short
key IDs are quite vulnerable to collisions, and their use should be
strongly discouraged.

I wrote the following with a progression of attacks; this has all been
well known for years.

http://gwolf.org/node/4070

So, in short: Please add "keyid-format 0xlong" to
/usr/share/gnupg2/gpg-conf.skel

-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gnupg2 depends on:
ii dpkg 1.18.7
ii gnupg-agent 2.1.11-7
ii install-info 6.1.0.dfsg.1-8
ii libassuan0 2.4.2-3
ii libbz2-1.0 1.0.6-8
ii libc6 2.22-10
ii libgcrypt20 1.7.0-2
ii libgpg-error0 1.22-2
ii libksba8 1.3.4-3
ii libreadline6 6.3-8+b4
ii libsqlite3-0 3.13.0-1
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages gnupg2 recommends:
ii dirmngr 2.1.11-7
Versions of packages gnupg2 suggests:
pn gnupg-doc <none>
ii parcimonie 0.10.1-1
pn xloadimage <none>
-- no debconf information
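
As an added illustration of the collision concern raised in this report (not part of the original message and not GnuPG code): for v4 OpenPGP keys the short key ID is the last 32 bits of the fingerprint and the long key ID the last 64 bits, so a keyring can be audited for keys that become indistinguishable under the short format. The listing below is constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample of `gpg --with-colons --fingerprint` output. The
# fingerprints are made up for illustration and belong to no real key.
SAMPLE_LISTING = """\
pub:-:4096:1:1111222233334444:1464981936:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111222233334444:
pub:-:4096:1:9999888833334444:1464981936:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB9999888833334444:
pub:-:2048:1:0123456789ABCDEF:1464981936:::-:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCC0123456789ABCDEF:
"""

def primary_fingerprints(listing):
    """Collect the fingerprint record that follows each primary key."""
    fprs, last = [], None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            last = fields[0]
        elif fields[0] == "fpr" and last == "pub" and len(fields) > 9:
            fprs.append(fields[9].upper())  # field 10 holds the fingerprint
            last = None
    return fprs

def colliding_ids(fprs, bits):
    """Group fingerprints by their trailing `bits` bits; keep only clashes."""
    groups = defaultdict(list)
    for fpr in fprs:
        groups[fpr[-(bits // 4):]].append(fpr)
    return {kid: group for kid, group in groups.items() if len(group) > 1}

def keyid_format(conf_text):
    """Return the last keyid-format value set in gpg.conf text, or None."""
    value = None
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) == 2 and parts[0] == "keyid-format":
            value = parts[1]
    return value

if __name__ == "__main__":
    fprs = primary_fingerprints(SAMPLE_LISTING)
    for kid, group in colliding_ids(fprs, 32).items():
        print("short ID 0x%s is shared by %d keys:" % (kid, len(group)))
        for fpr in group:
            print("   ", fpr)
    print("long ID collisions:", len(colliding_ids(fprs, 64)))
```

To audit a real keyring, pass the output of `gpg --with-colons --fingerprint --list-keys` to `primary_fingerprints` in place of the constructed sample.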