[messaging] On Signed-Only Mails
themax at gmail.com
Wed Dec 7 15:25:31 PST 2016
> A complicating factor is that PGP signature packets include a 64-bit
> key ID which is a hash of the public key. However, that just requires
> the attacker to randomize the attack and try around 2^64 calculations
> until he finds a matching key ID, which might be feasible for a
> state-level attacker.
We've noted that a new feature of GPG 2.1.15 is that signatures
are computed over full 20-byte SHA1 key fingerprints , in addition to
64-bit key IDs.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging