by zimbatm 4328 days ago
> Except maybe not: if you happen to do this with GnuPG 2.0.18 -- one version off from the very latest GnuPG -- the client won't actually bother to check the fingerprint of the received key.

Even in its long form, it's relatively easy to generate different keys that have the same fingerprint.

2 comments

I'm aware of simple brute-force attacks on short key IDs [0], which are just the last 32 bits of the fingerprint (e.g. 438CF0E2). With significant effort, one might be able to extend that to 64 bits.

I'd be much more surprised by a full fingerprint match. Wouldn't that imply a SHA-1 collision?

[0] http://www.asheesh.org/note/debian/short-key-ids-are-bad-new...

Yes, I was referring to the 64-bit long key ID. The full fingerprint is a SHA-1 and not vulnerable.

See https://www.debian-administration.org/users/dkg/weblog/105
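The two comments above describe how the short (32-bit) and long (64-bit) key IDs are just the tail of the full 160-bit v4 fingerprint, and why only the full fingerprint should be trusted when verifying a received key. The script below is an added illustration, not code from this thread or from GnuPG: it builds a v4 public-key packet body per RFC 4880 section 12.2, derives the fingerprint and both key IDs from it, and shows a verification routine that refuses to match on anything shorter than the whole fingerprint. The RSA modulus, exponent and creation time are constructed toy values, not a real key.

```python
"""OpenPGP v4 fingerprint and key-ID derivation (RFC 4880 section 12.2).

Added example; the key material below is constructed and not a real key.
"""
import hashlib
import hmac
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bitlen = value.bit_length()
    return struct.pack(">H", bitlen) + value.to_bytes((bitlen + 7) // 8, "big")


def rsa_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 public-key packet for RSA (public-key algorithm id 1)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte big-endian body length and the body itself."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def long_key_id(fpr: str) -> str:
    """The 64-bit 'long' key ID is the low-order 8 bytes of the fingerprint."""
    return fpr[-16:]


def short_key_id(fpr: str) -> str:
    """The 32-bit 'short' key ID is the low-order 4 bytes: only 2**32 values exist."""
    return fpr[-8:]


def key_matches(expected_fingerprint: str, body: bytes) -> bool:
    """Accept a received key only if its full 160-bit fingerprint matches.

    Comparing a short or long key ID would accept any key whose fingerprint
    merely ends in the same 4 or 8 bytes, which is the weakness discussed above.
    """
    expected = expected_fingerprint.replace(" ", "").upper()
    if len(expected) != 40:
        raise ValueError("expected a full 40-hex-digit v4 fingerprint, not a key ID")
    return hmac.compare_digest(expected, v4_fingerprint(body))


# Constructed toy key: a small odd modulus, the usual exponent 65537 and a
# fixed creation time. Real keys use a 2048-bit or larger modulus.
SAMPLE_BODY = rsa_public_key_packet_body(
    n=0xC4F8E9E15DCADF2B96C763D981006A644FFB4415030A16ED1283883340F2AA0E2BE2BE8FA60150B9046965837C3E7D151B7DE237EBB957C20663898250703B3F,
    e=65537,
    created=1_300_000_000,
)
# A second constructed body that differs only in creation time, so the
# fingerprint (and therefore every key ID derived from it) is different.
OTHER_BODY = rsa_public_key_packet_body(
    n=0xC4F8E9E15DCADF2B96C763D981006A644FFB4415030A16ED1283883340F2AA0E2BE2BE8FA60150B9046965837C3E7D151B7DE237EBB957C20663898250703B3F,
    e=65537,
    created=1_300_000_001,
)

if __name__ == "__main__":
    fpr = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint :", fpr)
    print("long key ID :", long_key_id(fpr))
    print("short key ID:", short_key_id(fpr))
    print("full match  :", key_matches(fpr, SAMPLE_BODY))
    print("other key   :", key_matches(fpr, OTHER_BODY))
```

The verification function deliberately raises rather than silently truncating when handed a key ID, because the size of the identifier space (2**32 for short IDs, 2**64 for long IDs, 2**160 for the full fingerprint) is exactly what determines how much work an attacker needs to produce a colliding key.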

The 64-bit has been done: I've seen it. 0000000000000001, I think?
Using a bad hash function?