|
|
|
|
|
|
by croikle
4322 days ago
|
|
|
I'm aware of simple brute-force attacks on short key IDs [0], which are just the last 32 bits of the fingerprint (e.g. 438CF0E2). With significant effort, one might be able to extend that to 64 bits. I'd be much more surprised by a full fingerprint match. Wouldn't that imply a SHA-1 collision? [0] http://www.asheesh.org/note/debian/short-key-ids-are-bad-new... |
|
|
See https://www.debian-administration.org/users/dkg/weblog/105