Vulnerability Development mailing list archives

Re: PGP Signed Messages


From: Jack Lloyd <lloyd () acm jhu edu>
Date: Tue, 16 Oct 2001 11:41:33 -0400 (EDT)

BTW PGP key IDs can easily be faked, you can make arbitrary keys with any
PGP key ID you want. Don't forget to include the fingerprint (at least then
it's only mostly useless as opposed to completely useless).

In the case of the old (PGP 2.6.2) key format, yes, PGP key ids are easily
spoofable (the key id was the low 32 bits of the modulus). However, the
newer format (used for all(?) DSA/Elgamal and some RSA keys) uses the low
32 bits of the fingerprint, which is a cryptographic hash of the entire
key.  Thus one must generate about 2^31 keys to find a single one which
matches the key id (by the usual birthday paradox attack on a hash
function). Let's say you can generate and test 100 keys per second (my 1 GHz
Athlon can generate 1 key in about 10 seconds with gnupg 1.0.6). In that
case, assuming my math isn't wrong, it would take you about 250 days to
forge a key id. Certainly possible, but quite a bit of work.

I'm fairly certain that having the entire fingerprint on hand gives you
pretty much full certainty that the key is legit.

BTW, the GPG for Pine plugins automatically verify signatures and display
the GPG output, i.e. either "Good signature from ... " or "BAD signature from
..." every time you open the mail. The problems you mention are real, but a
problem of 1) bad mail client support, and 2) overly trusting people, not
the PGP format itself.

Regards,

Jack
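
The two key ID derivations discussed in this message, as an added Python illustration that is not part of the original post. It assumes RSA keys and the OpenPGP public-key packet layout; the function names are hypothetical and the moduli are constructed toy values, not real keys.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v3_short_key_id(n: int) -> str:
    """Old format: the ID is read straight off the low 32 bits of the RSA modulus."""
    return f"{n & 0xFFFFFFFF:08X}"

def v4_fingerprint(created: int, n: int, e: int) -> str:
    """Newer format: SHA-1 over the whole public-key packet (here RSA, algorithm 1)."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def v4_short_key_id(fingerprint: str) -> str:
    """Newer format: the ID is the low 32 bits of the fingerprint."""
    return fingerprint[-8:]

def fingerprint_matches(expected: str, created: int, n: int, e: int) -> bool:
    """Compare against a fingerprint obtained out of band, ignoring spacing and case."""
    return expected.replace(" ", "").upper() == v4_fingerprint(created, n, e)

def days_to_match(bits: int, keys_per_second: float) -> float:
    """Days needed to generate and test 2**bits keys at the given rate."""
    return 2 ** bits / keys_per_second / 86400

# Constructed toy values (not real keys): N_B differs from N_A only in a high bit.
N_A = 0xD3A1_0000_0000_0000_0000_0000_9F3B_C4E1
N_B = N_A ^ (1 << 100)
E = 65537
CREATED = 1003246893  # constructed creation timestamp

if __name__ == "__main__":
    # Old format: different moduli, identical ID, because only the low bits count.
    print("v3 IDs:", v3_short_key_id(N_A), v3_short_key_id(N_B))
    # Newer format: any change to the key material changes the whole hash.
    fpr_a = v4_fingerprint(CREATED, N_A, E)
    fpr_b = v4_fingerprint(CREATED, N_B, E)
    print("v4 fingerprints:", fpr_a, fpr_b)
    print("v4 IDs:", v4_short_key_id(fpr_a), v4_short_key_id(fpr_b))
    print("full fingerprint check:", fingerprint_matches(fpr_a, CREATED, N_B, E))
    # The message's estimate: 2^31 keys at 100 keys per second.
    print(f"days at 100 keys/s: {days_to_match(31, 100):.1f}")
```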

