Date: Mon, 29 Dec 2014 09:05:29 -0500 From: Ted Unangst <tedu@...unangst.com> To: Florian Weimer <fw@...eb.enyo.de> Cc: oss-security@...ts.openwall.com Subject: Re: OpenBSD signify and "fingerprint" On Mon, Dec 29, 2014 at 14:09, Florian Weimer wrote: > This is just a warning that what OpenBSD's signify tool calls a > “fingerprint” is very different from the concept of a fingerprint in > OpenPGP. It is just a random 64-bit blob with no relationship to the > raw public key used for signing. Conceptually, it is similar to the > OpenPGP key ID (it is used as a quick check that public key and > signature match), except that it is even more trivial to forge. > > Fortunately, typical usage patterns of the signify tool do not expose > the fingerprint to the user, so there is no immediate temptation to > use it for validating a key (which is the primary use case for > fingerprints in OpenPGP). It is also short (64 bits) and thus not > very secure to the initiated, no matter how it is computed, but I'm > not fully convinced that this is a sufficient deterrent. Yes. The user isn't supposed to believe anything a key says about its own identity. I tried to make it hard for the user to do that. I was about to reply that signify doesn't even print the fingerprint, but unfortunately I see the option to do that is still there. That was actually supposed to be used for debugging only. That at least is easily removed. > Maybe a different term instead of “fingerprint” could be used to > reduce the potential for confusion. Something like “key number” or > “key slot” might be appropriate (because these terms do not confer any > identifying property). Thanks. I'll think about it for a bit.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.