Re: including the entire fingerprint of the issuer in an OpenPGP certification

"Daniel A. Nagy" <nagydani@epointsystem.org> Wed, 19 January 2011 11:37 UTC

Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0JBbJmM090291 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Jan 2011 04:37:19 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id p0JBbJEe090290; Wed, 19 Jan 2011 04:37:19 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail-fx0-f43.google.com (mail-fx0-f43.google.com [209.85.161.43]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p0JBbG6o090283 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=FAIL) for <ietf-openpgp@imc.org>; Wed, 19 Jan 2011 04:37:18 -0700 (MST) (envelope-from nagydani@epointsystem.org)
Received: by fxm18 with SMTP id 18so728546fxm.16 for <ietf-openpgp@imc.org>; Wed, 19 Jan 2011 03:37:16 -0800 (PST)
Received: by 10.223.74.5 with SMTP id s5mr593868faj.72.1295437035887; Wed, 19 Jan 2011 03:37:15 -0800 (PST)
Received: from [192.168.3.151] (catv-89-132-111-180.catv.broadband.hu [89.132.111.180]) by mx.google.com with ESMTPS id c11sm2527374fav.2.2011.01.19.03.37.14 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 19 Jan 2011 03:37:14 -0800 (PST)
Message-ID: <4D36CCE7.4050505@epointsystem.org>
Date: Wed, 19 Jan 2011 12:37:11 +0100
From: "Daniel A. Nagy" <nagydani@epointsystem.org>
User-Agent: Thunderbird 2.0.0.24 (X11/20100317)
MIME-Version: 1.0
To: ietf-openpgp@imc.org
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, dkg@fifthhorseman.net
Subject: Re: including the entire fingerprint of the issuer in an OpenPGP certification
References: <E1PfLeJ-0002cY-4A@login01.fos.auckland.ac.nz>
In-Reply-To: <E1PfLeJ-0002cY-4A@login01.fos.auckland.ac.nz>
X-Enigmail-Version: 0.95.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enigC211D4E67E0F54FC72F02F16"
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>


Peter Gutmann wrote:
> "Daniel A. Nagy" <nagydani@epointsystem.org> writes:
> 
>> generating a new key with the same 64-bit key ID as an existing key is on the
>> very far end of the realm of feasibility.
> 
> That should be:
> 
>   generating a *secure* new key with the same 64-bit key ID as an existing key
>   is on the very far end of the realm of feasibility.
> 
> If you don't mind that your key's weak then it's not that much more work than
> just finding a 64-bit collision.

I disagree. It's not a collision that you are after, but a 64 bit pre-image.
Basically, you need to enumerate, on average, 2^63 possibilities, which is very
expensive.

Regards,

-- 
Daniel