Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated OpenPGP Security (markdown)

Dominik Schürmann 2015-03-16 15:27:29 +01:00
parent 45e144dcf7
commit 2e3f5d8424
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
OpenPGP-Security.md

@ -58,18 +58,23 @@ TODO: Yes we must do this. Important TODO
No, in about 99% of all use cases there are better photos to be found in Android's contact database. Photos are displayed only if a key has been confirmed.
## Why aren't key IDs displayed?
* Short key IDs (last 32 bits of the key's fingerprint) are trivially to replicate via a [preimage attack](https://en.wikipedia.org/wiki/Preimage_attack). See https://github.com/coruus/cooperpair
* Short key IDs (last 32 bits of the key's fingerprint) are trivially to replicate via a [preimage attack](https://en.wikipedia.org/wiki/Preimage_attack).
* Two equal long key IDs can be generated using a [collision attack](https://en.wikipedia.org/wiki/Collision_resistance)
* Examples can be found at See https://github.com/coruus/cooperpair
We want two things from a key management framework: unforgability, and human-intelligible handles. Key IDs fail at both.
* Fingerprints are unforgable (as much as SHA-1's preimage resistance, anyway -- that's a separate discussion), but they aren't human-intelligible.
* User IDs are human-intelligible, and they are unforgable if we can rely on a robust keysigning network.
* Key IDs (both short and long) are neither human-intelligible nor unforgable (regardless of existence of a keysigning network), so they are the worst of all possible worlds.
* Key IDs (both short and long) are neither human-intelligible nor unforgable (regardless of existence of a keysigning network), so they are the worst of all possible worlds.
So reasonable tools should not expose either short or long key IDs to users, or use them internally if they can avoid them. They do not have any properties we want, and in the worst case, they actively mislead people or lead them into harm. What reasonable tool should do that?
Based on https://www.debian-administration.org/users/dkg/weblog/105 (CC-BY 4.0)
In OpenKeychain several methods for key exchange exists:
* QR Codes containing the full fingerprint
* SafeSlinger: secure hash commitment based full key exchange
* NFC: Full key exchange via NFC
Answer based on [dkg's blog post: "OpenPGP Key IDs are not useful "](https://www.debian-administration.org/users/dkg/weblog/105) (CC-BY 4.0)
# Key creation