including the entire fingerprint of the issuer in an OpenPGP certification
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jan 17 18:42:06 PST 2011
Jon Callas <jon at callas.org> writes:
>On the other hand, this has never been a problem. It's harder than you think,
>because you have to generate a new key each time, which takes a while on RSA.
Only if you want a secure key. For SSH fuzzy fingerprinting the limiting
factor is the hashing, not the rate at which you can crank out keys, as long
as you don't mind that the keys aren't very secure. OK, they're not secure at
all, but that doesn't matter since you're going for spoofing, not a secure
signature forgery.
Peter.
More information about the notmuch
mailing list