Bugtraq mailing list archives
Re: PGP Signatures security BUG!
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Wed, 8 Mar 2000 13:10:39 -0500
In message <p04310108b4eabe46523c@[130.227.158.132]>, "Povl H. Pedersen" writes :
It will take a long time to generate a new key with a specific fingerprint, but nonetheless, this 'overwriting' and hiding of other users IDs in the public PGP servers is bad.
Minor nit -- there's a big difference between a "fingerprint" -- which is the
result of a cryptographic hash on the key, and should *never* collide (and if
it does, you can get lots of attention by showing that the hash function isn't
strong enough) -- and a "key id", which is much shorter.
--Steve Bellovin
Current thread:
- Re: PGP Signatures security BUG!, (continued)
- Re: PGP Signatures security BUG! Florian Weimer (Mar 10)
- Re: PGP Signatures security BUG! Will Price (Mar 20)
- Esafe Protect Gateway (CVP) does not scan virus under some conditions Hugo.van.der.Kooij () CAIW NL (Mar 21)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some conditions Alon Rotem (Mar 24)
- Security bug in Apache project: Jakarta Tomcat Jan Madsen (Mar 21)
- [TL-Security-Announce] nmh-1.0.2 and earlier TLSA200008-1 Katie Moussouris (Mar 21)
- New Solaris Vulnerability Calculator, Sun Mailing list, and Sun Focus area from SecurityFocus.com Jeremy Rauch (Mar 13)
- Re: PGP Signatures security BUG! Tobias Haustein (Mar 08)
- Re: PGP Signatures security BUG! Povl H. Pedersen (Mar 09)
- Re: PGP Signatures security BUG! Salzman, Noah (Mar 08)
- Re: PGP Signatures security BUG! Steven M. Bellovin (Mar 08)
- Re: PGP Signatures security BUG! Florian Weimer (Mar 10)