Re: [openpgp] Followup on fingerprints

Bill Frantz, Sun, 09 August 2015 15:49 UTC

I am more and more convinced of the wisdom of Alan Karp when he 
insists that any system which uses a hash must specify what 
happens when there is a hash collision. He points out that 
anytime data longer than the hash output is hashed, there is the 
possibility of a collision, which is true when calculating key fingerprints.

Now the consequences may be severe or trivial. If a PGP message 
routing application uses the fingerprint to select the 
destination, the consequence of a collision may be as trivial as 
routing messages to recipients who can't decrypt them, or the 
more serious consequence of not sending messages to the 
recipient who can decrypt them. The exercise of figuring out 
what will happen results in better design.

There has also been an undertone of, "If we can't come up with 
an attack, there aren't any." in this thread. I find this 
attitude very dangerous as new classes of attacks (e.g. power 
analysis) are constantly being discovered.

I would suggest wording in the security considerations section 
something like:

"During the design process, any application using key 
fingerprints SHOULD characterize the consequences of a 
fingerprint collision on the application's security and 
implementation integrity, particularly when using fewer bits 
than the output of the fingerprint hash."

Cheers - Bill

Bill Frantz        | Ham radio contesting is a    | Periwinkle
(408)356-8506      | contact sport.               | 16345 Englewood Ave
                   |  - Ken Widelitz K6LA / VY2TT | Los Gatos, CA 95032
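
An added example, not part of the message above and not code from any OpenPGP implementation: a key store addressed by a truncated fingerprint whose lookup has a specified collision outcome (fail closed and report the full fingerprints) instead of silently selecting one key. `KeyIndex`, `AmbiguousFingerprint` and `find_colliding_pair` are hypothetical names, and SHA-256 over constructed byte strings stands in for the real fingerprint computation.

```python
import hashlib
from collections import defaultdict


class AmbiguousFingerprint(Exception):
    """A truncated fingerprint matched more than one stored key."""


def fingerprint(key_material: bytes) -> bytes:
    # Stand-in for a key fingerprint (assumption): SHA-256 over constructed
    # bytes, not the OpenPGP computation over a public-key packet.
    return hashlib.sha256(key_material).digest()


class KeyIndex:
    """Hypothetical key store addressed by the first prefix_bytes of a fingerprint."""

    def __init__(self, prefix_bytes: int):
        self.prefix_bytes = prefix_bytes
        self._by_prefix = defaultdict(dict)  # prefix -> {full fingerprint: key}

    def add(self, key_material: bytes) -> bytes:
        fp = fingerprint(key_material)
        self._by_prefix[fp[: self.prefix_bytes]][fp] = key_material
        return fp

    def lookup(self, prefix: bytes) -> bytes:
        candidates = self._by_prefix.get(prefix, {})
        if not candidates:
            raise KeyError(prefix.hex())
        if len(candidates) > 1:
            # The specified collision behaviour: fail closed and name the
            # full fingerprints, never pick one of the keys silently.
            raise AmbiguousFingerprint(sorted(fp.hex() for fp in candidates))
        return next(iter(candidates.values()))


def find_colliding_pair(prefix_bytes: int):
    """Constructed sample input: two distinct byte strings sharing a prefix."""
    seen = {}
    i = 0
    while True:
        key = b"constructed-key-%d" % i
        prefix = fingerprint(key)[:prefix_bytes]
        if prefix in seen:
            return seen[prefix], key
        seen[prefix] = key
        i += 1
```

With a 2-byte prefix the constructed pair is found after a few hundred candidates, and the same two keys stay distinguishable when the index uses the full 32-byte hash output.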