From: Chí-Thanh Christopher Nguyễn
Date: Mon, 02 Jan 2012 16:20:35 +0100
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] let's stop using short gpg key ids, that's insecure
Message-ID: <4F01CB43.7010907@gentoo.org>
In-Reply-To: <4F01C37B.6000305@gentoo.org>

"Paweł Hajdan, Jr." wrote:
> You've probably read (or should)
>
> which describes why using short gpg key ids is insecure.

I came across this blog post via the slashdot story
http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred
and frankly I am not convinced that there is an actual security problem.

The short ID is just for easy finding of the key. It is not intended for
unique GPG key identification, and anybody who uses it that way deserves
a good beating with the cluebat.

Best regards,
Chí-Thanh Christopher Nguyễn
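
The distinction drawn in the message above, between finding a key by short ID and identifying it, shown as an added example (not part of the original message or of any Gentoo tooling). The keyring entries, user IDs and fingerprints are constructed sample values, and the function names are hypothetical; the only fact assumed is that a short key ID is the last 8 hex digits of an OpenPGP v4 fingerprint.

```python
from collections import defaultdict

HEX = set("0123456789ABCDEF")

def normalize(fpr):
    """Strip spaces and upper-case a 40-hex-digit OpenPGP v4 fingerprint."""
    fpr = fpr.replace(" ", "").upper()
    if len(fpr) != 40 or not set(fpr) <= HEX:
        raise ValueError(f"not a v4 fingerprint: {fpr!r}")
    return fpr

def short_id(fpr):
    """Short key ID: the low 32 bits (last 8 hex digits) of the fingerprint."""
    return normalize(fpr)[-8:]

def find_by_short_id(keyring, wanted):
    """Lookup aid only: one short ID may match several different keys."""
    wanted = wanted.upper()[-8:]          # also tolerates a leading "0x"
    return [k for k in keyring if short_id(k["fpr"]) == wanted]

def select_trusted(keyring, pinned_fpr):
    """Identification: accept only the key whose full fingerprint matches."""
    pinned = normalize(pinned_fpr)
    matches = [k for k in keyring if normalize(k["fpr"]) == pinned]
    return matches[0] if len(matches) == 1 else None

def colliding_short_ids(keyring):
    """Report short IDs shared by more than one distinct fingerprint."""
    groups = defaultdict(set)
    for k in keyring:
        groups[short_id(k["fpr"])].add(normalize(k["fpr"]))
    return {sid: sorted(f) for sid, f in groups.items() if len(f) > 1}

# Constructed sample keyring: two different keys share the short ID DEADBEEF.
KEYRING = [
    {"uid": "Alice <alice@example.org>",
     "fpr": "0123 4567 89AB CDEF 0123 4567 89AB CDEF DEAD BEEF"},
    {"uid": "Alice <alice@example.org>",
     "fpr": "FEDCBA9876543210FEDCBA9876543210DEADBEEF"},
    {"uid": "Bob <bob@example.org>",
     "fpr": "1111222233334444555566667777888899990000"},
]

if __name__ == "__main__":
    print("candidates:", len(find_by_short_id(KEYRING, "0xDEADBEEF")))
    print("collisions:", colliding_short_ids(KEYRING))
```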