Re: [openpgp] Fingerprints and their collisions resistance

[Nicholas Cole <nicholas.cole@gmail.com>]

On Thu, Jan 3, 2013 at 7:18 AM, Andrey Jivsov <openpgp@brainhub.org> wrote:

> We exchanged a few emails on gnupg list about this this issue, which I
> think belongs here, the OpenPGP thread.
>

[snip]

Public keys offer a reasonable opportunity to place arbitrary bytes into
> fields that are hashed. For example, DSA P,Q,G, are primes. Every byte but
> the last one of a 2048 bit prime can be fixed, on average, due to the high
> density of primes. It suggests that the task of finding a collision with
> public keys is at least no more difficult than for ASCII documents.
>

If anyone has already done this, they are keeping very quiet about it.

I don't think I favour interim solutions - it would be better if the issue
were tackled directly.  From a user point of view, it would be good if new
formats were decided that hard-wire a new formats.  I think that these
decisions should be made sooner rather than later, because it will take
some years for end-user software to fully catch up.  Is it impossible to
think that new standards would be decided this year?

One issue with SHA-3 is that the fingerprints are going to be very long.
 How should these be displayed to the user?  Hex strings seem unsuitable
for this task, and I think any new standard should recommend that
fingerprints be displayed in some other way - probably using a different
base.

Best wishes,

N.