Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

PGP question

35 views
Skip to first unread message

AIREGG

unread,
Mar 30, 2003, 10:10:42 AM3/30/03
to
I've just started to study cryptography and network security. Anyone could
help me to answer these question:

"In PGP, key IDs are used to distinguish different public keys of a user. A
key ID is obtained by taking the least significant 64 bits of a public key
of the user. Using this key ID generation scheme, what is the probability
that a user with public keys will have at least one duplicate key ID?"

Thanks very much.

two wheels

unread,
Mar 30, 2003, 11:48:20 AM3/30/03
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The fingerprint is what the software and keyservers use. The KeyID
is just a shorthand to help finding it, because we feeble humans
can't remember 40 hex-digits. But, we can remember eight hex-digits
with an attached name. The KeyID is a one-in-4-billion shot, so
that's pretty exclusive I think.

two wheels


-----BEGIN PGP SIGNATURE-----
Comment: two wheels (0xDA1DAF09)

iD8DBQE+hx6b8VGtldodrwkRAu3EAJ4rtWTHSrr9Zbx+5O78AnvdIt/Z8QCfezve
UiZRDPnEIUm7eBzEaqayCdQ=
=YHhS
-----END PGP SIGNATURE-----


anonymous

unread,
Mar 30, 2003, 1:43:59 PM3/30/03
to
In article <M%Fha.5918$sS2....@twister.nyroc.rr.com>, Tom McCune wrote:

> I believe the software actually use the full Key ID, instead of the short
> Key ID (the lower half of the full key ID) that PGPkeys displays, and
> that we use for searching for keys. Even the short key ID is so unlikely
> to be repeated, that an individual user will never see two keys in their
> keyring that have the same key ID - unless doing something to purposely
> make this so.

Incorrect.

http://www.rubin.ch/pgp/keyring/

anonymous

unread,
Mar 30, 2003, 5:30:52 PM3/30/03
to
In article <gcHha.6262$sS2....@twister.nyroc.rr.com>, Tom McCune wrote:
> anonymous <anon...@localhost.invalid> wrote in
> news:v8eenfl...@corp.supernews.com:
> Actually, that URL shows that my statement is correct. My comment was
> specific to a user's keyring, but this URL shows that it also holds up in
> reference to a key server, that holds many, many, many, etc. more keys
> than an individual user's keyring will contain.
>
> It shows my comment about 32 bit and 64 bit Key IDs to be correct.
> It shows that even the three 64 bit key ID collisions there are not there
> by chance, but rather there my manipulation (each of the three collisions
> have the same user ID - not something that will occur by chance).
>
> This same pattern presents for the 32 bit key collisions as well. To see
> how easy it is to manipulate 32 bit Key IDs, look for my manipulated Key
> ID 0xC0DEC0DE - I thought was a cute Key ID to create.

Did you look at the newer data/link? Are you claiming that most of the
DSA keys have been manipulated?

0 new messages