It takes 4 seconds to generate a colliding 32bit key id on a GPU (using scallion). Key servers do little verification of uploaded keys and allow keys with colliding 32bit ids. Further, GPG uses 32bit key ids throughout its interface and does not warn you when an operation might apply to multiple keys. Key servers do not use transport encryption (e....
Sadly, one of the main tools used to analyze Web of Trust data, wotsap, is still using 32-bit key ids in its data files, and is mostly abandoned upstream, so there is little real hope of seeing it fixed. Wotsap data is also used by the PGP pathfinder & key statistics website, which is thus vulnerable to a number of attacks.
The workaround is to manually verify the paths shown by wotsap using gpg --check-sigs, which should be done anyway, since wotsap data comes from an untrusted source (cryptographically speaking), but AFAIK is still not done automatically by any tool.
Thanks to @Enrico Zini for the link.
@Gruppo Linux Como
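The manual check described above can be scripted. The following is an added example, not part of the original post and not code from wotsap or GnuPG: it reads text in the record layout of gpg --with-colons --with-fingerprint --check-sigs, reports every fingerprint that a 32-bit id from a wotsap path could refer to, and confirms each hop of a path by full fingerprint. The function names, fingerprints and sample records are constructed for illustration.

```python
from collections import defaultdict

def parse_check_sigs(colons):
    """Map each primary-key fingerprint to the 64-bit ids of issuers
    whose signature on that key gpg marked as good ("!")."""
    good, current, last = defaultdict(set), None, None
    for line in colons.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] in ("pub", "sub"):
            last = f[0]
            if f[0] == "pub":
                current = None      # wait for this key's own fpr record
        elif f[0] == "fpr" and last == "pub":
            current, last = f[9], None   # field 10: full fingerprint
            good[current]                # register the key even without good sigs
        elif f[0] == "sig" and current and f[1].startswith("!"):
            good[current].add(f[4])      # field 5: issuer's 64-bit key id
    return good

def resolve_short_id(good, short_id):
    """All fingerprints ending in this 32-bit id; more than one is a collision."""
    return sorted(fp for fp in good if fp.endswith(short_id.upper()))

def path_is_signed(good, path):
    """True if every key in path (full fingerprints, signer first) carries
    a good signature from the key before it."""
    return all(signer[-16:] in good.get(signee, ())
               for signer, signee in zip(path, path[1:]))

# Constructed fingerprints: A and C share the 32-bit id DEADBEEF.
FPR_A = "A" * 24 + "1111AAAADEADBEEF"
FPR_C = "C" * 24 + "3333CCCCDEADBEEF"
FPR_B = "B" * 24 + "2222BBBB0BADF00D"

# Constructed sample records; only A has a good signature on B.
SAMPLE = f"""\
pub:u:4096:1:{FPR_A[-16:]}:1400000000:::u:::scESC:
fpr:::::::::{FPR_A}:
uid:u::::1400000000::::Alice (constructed)::
sig:!::1:{FPR_A[-16:]}:1400000000::::Alice (constructed):13x:
pub:-:4096:1:{FPR_C[-16:]}:1400000000:::-:::scESC:
fpr:::::::::{FPR_C}:
uid:-::::1400000000::::Alice (constructed)::
sig:!::1:{FPR_C[-16:]}:1400000000::::Alice (constructed):13x:
pub:f:4096:1:{FPR_B[-16:]}:1400000000:::-:::scESC:
fpr:::::::::{FPR_B}:
uid:f::::1400000000::::Bob (constructed)::
sig:!::1:{FPR_B[-16:]}:1400000000::::Bob (constructed):13x:
sig:!::1:{FPR_A[-16:]}:1400000000::::Alice (constructed):10x:
"""
```

A path taken from wotsap should be accepted only when every 32-bit id in it resolves to exactly one fingerprint, or the intended fingerprint has been confirmed out of band, and path_is_signed then returns True for the resolved fingerprints.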