Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 5 May 2016 13:03:36 +0200
From: Hanno Böck <>
Subject: Re: broken RSA keys

On Thu, 5 May 2016 13:34:05 +0300
Solar Designer <> wrote:

> On Wed, May 04, 2016 at 09:18:26PM -0400, Stanislav Datskovskiy wrote:
> > older versions of GPG
> > will regard the bottom 32 bits of a modulus as the 'fingerprint',
> > rather than performing a hash.  
> Are you sure?

"V3 keys are deprecated.  They contain three weaknesses.  First, it is
relatively easy to construct a V3 key that has the same Key ID as any
other key because the Key ID is simply the low 64 bits of the public

I had forgotten about that, but it probably also explains the two
pre-2000 keys with small factors I found.

Hanno Böck


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ