including the entire fingerprint of the issuer in an OpenPGP certification

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jan 18 16:11:43 PST 2011


"Daniel A. Nagy" <nagydani at epointsystem.org> writes:

>generating a new key with the same 64-bit key ID as an existing key is on the
>very far end of the realm of feasibility.

That should be:

  generating a *secure* new key with the same 64-bit key ID as an existing key
  is on the very far end of the realm of feasibility.

If you don't mind that your key's weak then it's not that much more work than
just finding a 64-bit collision.

Peter.


More information about the notmuch mailing list