Date: Thu, 5 May 2016 13:34:05 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: broken RSA keys On Wed, May 04, 2016 at 09:18:26PM -0400, Stanislav Datskovskiy wrote: > older versions of GPG > will regard the bottom 32 bits of a modulus as the 'fingerprint', > rather than performing a hash. Are you sure? Got an example? I think the fingerprint was always a hash, with key id being last 32+ bits from it. I think it is compatible with PGP 2.x's from 1990s. Did I possibly miss some very early versions of GPG where this was not true, transitioning from PGP 2.x to later GPG (which I did) and thus not noticing this aspect? (Just trying to see how your statement could possibly be correct and consistent with my experience using PGP/GPG.) Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ