<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">A complicating factor is that PGP signature packets include a 64-bit<br>
key ID which is a hash of the public key.  However, that just requires<br>
the attacker to randomize the attack and try around 2^64 calculations<br>
until he finds a matching key ID, which might be feasible for a<br>
state-level attacker.<br>
<br></blockquote><div><br></div><div>We've noted that a new feature of GPG 2.1.15 is that signatures</div><div>are computed over full 20-byte SHA1 key fingerprints [1], in addition to</div><div>64-bit key IDs.</div><div><br></div><div>[1] <a href="http://gnupg-devel.gnupg.narkive.com/Z0EFUBU7/issuer-fingerprint-was-vanity-keys">http://gnupg-devel.gnupg.narkive.com/Z0EFUBU7/issuer-fingerprint-was-vanity-keys</a></div></div></div></div>
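Added example, not part of the original thread and not GnuPG's code: a minimal Python check that tells a signature bound to the full 20-byte V4 fingerprint (issuer fingerprint subpacket, type 33, in the hashed area) apart from one that names its issuer only by the 64-bit key ID (subpacket type 16). The function names and the `KEY` bytes are constructed for illustration; the last case shows a fingerprint that differs while the 64-bit key ID still matches.

```python
import hashlib

ISSUER_KEYID, ISSUER_FPR = 16, 33  # OpenPGP signature subpacket types

def v4_fingerprint(key_body: bytes) -> bytes:
    """SHA-1 over 0x99, a 2-byte big-endian length, and the public-key packet body."""
    return hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).digest()

def key_id(fpr: bytes) -> bytes:
    """A V4 key ID is the low-order 64 bits of the fingerprint."""
    return fpr[-8:]

def subpackets(area: bytes) -> dict:
    """Parse a signature subpacket area into {type: body}."""
    out, i = {}, 0
    while i < len(area):
        n = area[i]
        i += 1
        if 192 <= n < 255:  # two-octet length
            n = ((n - 192) << 8) + int.from_bytes(area[i:i + 1], "big") + 192
            i += 1
        elif n == 255:      # five-octet length
            n = int.from_bytes(area[i:i + 4], "big")
            i += 4
        if n == 0 or i + n > len(area):
            raise ValueError("truncated subpacket")
        out[area[i] & 0x7F] = area[i + 1:i + n]  # drop the critical bit
        i += n
    return out

def issuer_check(key_body: bytes, hashed: bytes, unhashed: bytes = b"") -> str:
    """Classify how strongly the signature names key_body as its issuer."""
    fpr = v4_fingerprint(key_body)
    signed = subpackets(hashed)
    if ISSUER_FPR in signed:
        # Type 33 body: one octet key version, then the fingerprint.
        return "fingerprint" if signed[ISSUER_FPR] == b"\x04" + fpr else "mismatch"
    ids = {**subpackets(unhashed), **signed}
    return "keyid-only" if ids.get(ISSUER_KEYID) == key_id(fpr) else "mismatch"

def subpacket(kind: int, data: bytes) -> bytes:
    """Build a short subpacket (sample construction only, bodies under 191 bytes)."""
    return bytes([len(data) + 1, kind]) + data

# Constructed stand-in for a public-key packet body, not a real key.
KEY = b"\x04" + (1470000000).to_bytes(4, "big") + b"\x01" + b"constructed sample key"
```

A verifier that sees "keyid-only" is relying on 64 bits of SHA-1 to identify the issuer, which is the weakness the quoted text describes.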