[pkg-gnupg-maint] Bug#826273: Bug#826273: gnupg2: Defaults to using insecure short key IDs (32 bits)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 3 21:06:43 UTC 2016


On Fri 2016-06-03 15:25:36 -0400, Gunnar Wolf wrote:
> GnuPG2 defaults to returning short key IDs when listing keys. Short
> key IDs are quite vulnerable to collisions, and their use should be
> strongly discouraged.
>
> I wrote the following with a progression of attacks; this is all
> well-known for years.
>
>     http://gwolf.org/node/4070
>
> So, in short: Please add "keyid-format 0xlong" to
> /usr/share/gnupg2/gpg-conf.skel

I've repeatedly suggested to upstream that we should change this default
(in the software, not just in gpg-conf.skel), but it hasn't happened
yet.  see the changes i've posted here:

https://lists.gnupg.org/pipermail/gnupg-devel/2016-January/030742.html

If upstream decides to not do this, we've discussed having the debian
packages diverge from upstream in some specific circumstances, and i
think this might be one place to do it.  I certainly have no objections
to changing the default keyid-format in debian.

However, I'm a little torn about what to change it to.  the long keyID
itself is only 64 bits, which means it's trivial to mount a collision
attack, and that a pre-image is definitely in range of a
moderately-well-funded attacker.

So i'm inclined to think the actual Right Thing is either to use the
full fingerprint (in cases where cryptographic integrity is desired) or
to show nothing cryptographic at all, leaving only the non-cryptographic
(and obviously forgeable) human-readable details.

I've explored this thinking in a little more detail on my blog [0].

So i'd actually be happier with "keyid-format none" or "keyid format
fingerprint" [1] than with "keyid-format long" but i agree that "long"
or "0xlong" is still superior to the current situation.

   --dkg


[0] https://www.debian-administration.org/users/dkg/weblog/105
[1] https://bugs.gnupg.org/gnupg/issue1445
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20160603/ee7073d9/attachment.sig>


More information about the pkg-gnupg-maint mailing list