* [gentoo-project] let's stop using short gpg key ids, that's insecure
@ 2012-01-02 14:47 "Paweł Hajdan, Jr."
2012-01-02 15:20 ` Chí-Thanh Christopher Nguyễn
2012-01-02 17:17 ` Michał Górny
0 siblings, 2 replies; 5+ messages in thread
From: "Paweł Hajdan, Jr." @ 2012-01-02 14:47 UTC (permalink / raw
To: gentoo-project
[-- Attachment #1: Type: text/plain, Size: 630 bytes --]
You've probably read (or should)
<http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html>
which describes why using short gpg key ids is insecure.
Note it's about IDs, i.e. 0x30427902 vs. 0xB9442D9430427902 (it's short
and long ID of my current key), not the keys themselves. That means no
need to change keys, just change the way we display them on web pages
and possibly in other places.
What do you think? Should I file a bug to convert e.g.
http://www.gentoo.org/proj/en/devrel/roll-call/userinfo.xml ? Or do we
only have short key IDs in LDAP, which would require everyone to submit
the full ID?
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 203 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-project] let's stop using short gpg key ids, that's insecure
2012-01-02 14:47 [gentoo-project] let's stop using short gpg key ids, that's insecure "Paweł Hajdan, Jr."
@ 2012-01-02 15:20 ` Chí-Thanh Christopher Nguyễn
2012-01-02 17:17 ` Michał Górny
1 sibling, 0 replies; 5+ messages in thread
From: Chí-Thanh Christopher Nguyễn @ 2012-01-02 15:20 UTC (permalink / raw
To: gentoo-project
"Paweł Hajdan, Jr." schrieb:
> You've probably read (or should)
> <http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html>
> which describes why using short gpg key ids is insecure.
I came across this blog post via the slashdot story
http://yro.slashdot.org/story/11/12/27/0044242/gnupg-short-id-collision-has-occurred
and frankly I am not convinced that there is an actual security problem.
The short ID is just for easy finding of the key. It is not intended for
unique GPG key identification, and anybody who uses it that way deserves
a good beating with the cluebat.
Best regards,
Chí-Thanh Christopher Nguyễn
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-project] let's stop using short gpg key ids, that's insecure
2012-01-02 14:47 [gentoo-project] let's stop using short gpg key ids, that's insecure "Paweł Hajdan, Jr."
2012-01-02 15:20 ` Chí-Thanh Christopher Nguyễn
@ 2012-01-02 17:17 ` Michał Górny
2012-01-05 17:57 ` "Paweł Hajdan, Jr."
1 sibling, 1 reply; 5+ messages in thread
From: Michał Górny @ 2012-01-02 17:17 UTC (permalink / raw
To: gentoo-project; +Cc: phajdan.jr
[-- Attachment #1: Type: text/plain, Size: 928 bytes --]
On Mon, 02 Jan 2012 15:47:23 +0100
""Paweł Hajdan, Jr."" <phajdan.jr@gentoo.org> wrote:
> You've probably read (or should)
> <http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html>
> which describes why using short gpg key ids is insecure.
Insecure to what? In the same manner, you can say that using your first
and surname is insecure.
> What do you think? Should I file a bug to convert e.g.
> http://www.gentoo.org/proj/en/devrel/roll-call/userinfo.xml ? Or do we
> only have short key IDs in LDAP, which would require everyone to
> submit the full ID?
There's no reason to panic. The trust model of PGP is not based on key
IDs. The short IDs are only used to let users grab our keys at will;
and as the blog post shows, GPG handles repeating key IDs just fine.
I think we can afford that one a million times users will download one
additional key.
--
Best regards,
Michał Górny
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-project] let's stop using short gpg key ids, that's insecure
2012-01-02 17:17 ` Michał Górny
@ 2012-01-05 17:57 ` "Paweł Hajdan, Jr."
2012-01-05 18:21 ` Michał Górny
0 siblings, 1 reply; 5+ messages in thread
From: "Paweł Hajdan, Jr." @ 2012-01-05 17:57 UTC (permalink / raw
To: gentoo-project
[-- Attachment #1: Type: text/plain, Size: 662 bytes --]
On 1/2/12 6:17 PM, Michał Górny wrote:
> Insecure to what?
It's easy to confuse keys that way. I'm not saying that it results in an
immediate compromise or that it's urgent, but if we can make it harder
to confuse keys, why not do that?
> The trust model of PGP is not based on key
> IDs. The short IDs are only used to let users grab our keys at will;
> and as the blog post shows, GPG handles repeating key IDs just fine.
Do all developer keys have at least one signature of some other key? In
the absence of signatures (and how does the user verify that those have
been made by developers?), what users have is our list of short key IDs.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 203 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-project] let's stop using short gpg key ids, that's insecure
2012-01-05 17:57 ` "Paweł Hajdan, Jr."
@ 2012-01-05 18:21 ` Michał Górny
0 siblings, 0 replies; 5+ messages in thread
From: Michał Górny @ 2012-01-05 18:21 UTC (permalink / raw
To: gentoo-project; +Cc: phajdan.jr
[-- Attachment #1: Type: text/plain, Size: 1080 bytes --]
On Thu, 05 Jan 2012 18:57:35 +0100
""Paweł Hajdan, Jr."" <phajdan.jr@gentoo.org> wrote:
> On 1/2/12 6:17 PM, Michał Górny wrote:
> > Insecure to what?
>
> It's easy to confuse keys that way. I'm not saying that it results in
> an immediate compromise or that it's urgent, but if we can make it
> harder to confuse keys, why not do that?
I don't say that we should or shouldn't do that. I just say that we
shouldn't say it will improve any kind of 'security'.
> > The trust model of PGP is not based on key
> > IDs. The short IDs are only used to let users grab our keys at will;
> > and as the blog post shows, GPG handles repeating key IDs just fine.
>
> Do all developer keys have at least one signature of some other key?
> In the absence of signatures (and how does the user verify that those
> have been made by developers?), what users have is our list of short
> key IDs.
And how can they verify that list? I don't think there's a reason to
trust it, and I don't think most of us care about it at all.
--
Best regards,
Michał Górny
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-01-05 18:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-02 14:47 [gentoo-project] let's stop using short gpg key ids, that's insecure "Paweł Hajdan, Jr."
2012-01-02 15:20 ` Chí-Thanh Christopher Nguyễn
2012-01-02 17:17 ` Michał Górny
2012-01-05 17:57 ` "Paweł Hajdan, Jr."
2012-01-05 18:21 ` Michał Górny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox