[messaging] "Keybase Attack" on RSA signatures

Tony Arcieri bascule at gmail.com
Tue Sep 9 15:07:24 PDT 2014

On Tue, Sep 9, 2014 at 2:52 PM, Max Krohn <themax at gmail.com> wrote:

> A Keybase “proofs” is a signatures of JSON object that includes: [...] (3)
> the user’s PGP fingerprint

Sorry, I must've glossed over this. It would seem to provide an immediate
defense to forging a keypair under which the signature would validate,
however it seems in conjunction with a SHA1 collision that allows the
replacement of the fingerprint in the original message, this could be
potentially problematic.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140909/7a65d11c/attachment.html>

More information about the Messaging mailing list