Bugtraq mailing list archives
Re: PGP Signatures security BUG!
From: wk () GNUPG ORG (Werner Koch)
Date: Wed, 8 Mar 2000 11:32:41 +0100
On Tue, 7 Mar 2000, Povl H. Pedersen wrote:
The problem is, that the PGP servers expects all key IDs to be unique numbers, and does not expect 2 users to have the same keyID. And with the current amount of users, we are starting to get multiple users with the same keyID.
RFC2440 clearly states that a conforming implementation MUST not assume that key IDs are unique. However, NAI does not claim that their PGP is OpenPGP compatible. There will be a keyserver admin meeting in May where we are going to discuss all these topics. BTW, faking the short key ID (the one that is normally displayed - internally 64 bits are used) is possible on a standard box within some hours. Werner
Current thread:
- PGP Signatures security BUG! Povl H. Pedersen (Mar 07)
- Re: PGP Signatures security BUG! Tobias Haustein (Mar 08)
- Re: PGP Signatures security BUG! Werner Koch (Mar 08)
- RealServer exposes internal IP addresses tschweikle () FIDUCIA DE (Mar 08)
- Re: PGP Signatures security BUG! Eric Murray (Mar 08)
- [ Hackerslab bug_paper ] Linux printtool get printer password Sheshep ankh Dubhe (Mar 08)
- Re: [ Hackerslab bug_paper ] Linux printtool get printer password Tuomas Jormola (Mar 09)
- RealPlayer and Comet Cursor Keela Robison (Mar 09)
- Fwd: ircii-4.4 buffer overflow bladi (Feb 07)
- Re: Fwd: ircii-4.4 buffer overflow Derek Callaway (Mar 11)
- Re: RealPlayer and Comet Cursor pedward () WEBCOM COM (Mar 09)
- The Comet Cursor Sarah MacArthur (Mar 09)
- Network File Resource Vulnerability Eric Hacker (Mar 09)