> BTW PGP key ID's can easily be faked, you can make arbitrary keys with any > PGP key ID you want. Don't forget to include the fingerprint (at least then > it's only mostly useless as opposed to completely useless). In the case of the old (PGP 2.6.2) key format, yes, PGP key ids are easily spoofable (the key id was the low 32 bits of the modulus). However, the newer format (used for all(?) DSA/Elgamal and some RSA keys) uses the low 32 bits of the fingerprint, which is a cryptographic hash of the entire key. Thus one must generate about 2^31 keys to find a single one which matches the key id (by the usual birthday paradox attack on a hash function). Lets say you can generate and test 100 keys per second (my 1 Ghz Athlon can generate 1 key in about 10 seconds with gnupg 1.0.6). In that case, assuming my math isn't wrong, it would take you about 250 days to forge a key id. Certainly possible, but quite a bit of work. I'm fairly certain that having the entire fingerprint on hand gives you pretty much full certainty that the key is legit. BTW, the GPG for pine plugins automatically verify signatures, and displays the GPG output, ie either "Good signature from ... " or "BAD signature from ..." every time you open the mail. The problems you mention are real, but a problem of 1) bad mail client support, and 2) overly trusting people, not the PGP format itself. Regards, Jack
This archive was generated by hypermail 2b30 : Tue Oct 16 2001 - 09:33:30 PDT