

Evil 32: Check Your GPG Fingerprints - Moral_
https://evil32.com/

======
agwa
This page is absolutely correct that you should not use 32 bit key IDs, ever.

However, some of its information about GnuPG is out of date. As of version
1.4.17 (released in June), GnuPG no longer blindly accepts responses from key
servers:

[http://git.gnupg.org/cgi-
bin/gitweb.cgi?p=gnupg.git;a=commit...](http://git.gnupg.org/cgi-
bin/gitweb.cgi?p=gnupg.git;a=commit;h=5230304349490f31aa64ee2b69a8a2bc06bf7816)

[http://bugs.g10code.com/gnupg/issue1579](http://bugs.g10code.com/gnupg/issue1579)

The fix was backported to wheezy-security as well:

[https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=725411](https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=725411)

------
joelanders
Here's a pretty comprehensive guide:

[https://help.riseup.net/en/gpg-best-
practices](https://help.riseup.net/en/gpg-best-practices)

------
bliker
I love gpg but openpgp tooling is just ancient piece of crap from CLI
perspective.

\- writing gpg just gives you cryptic “gpg: Go ahead and type your message
...” without any more information.

\- `gpg --list-keys` apart from being hard to remember* has a table of
misaligned values without any headers.

\- I still can’t figure out how to make use of gpg-agent.

* I always tend to write --keys and I get another non-helpful info error “gpg: Option “--keys” is ambiguous”)

------
kpc
See also: Trolling the Web of Trust[1]

The slides from Micah's original OHM2013 presentation are in trollwot.pdf

0xdeadbeef keys[2] have been around for quite a while, too. Generating a
custom 32-bit key ID using a simple unoptimized brute force program takes
under an hour on a midrange PC.

[1]
[https://github.com/micahflee/trollwot](https://github.com/micahflee/trollwot)

[2]
[http://pgp.mit.edu/pks/lookup?search=0xdeadbeef&op=index](http://pgp.mit.edu/pks/lookup?search=0xdeadbeef&op=index)

------
dorfsmay
Interesting, this article from 2011 shows the Debian community moving from
short 8 char IDs to 16 chararters one.

Now I'm really confused, and I have to ask:

Why are we calling a 8 hexadecimal character word 32 bit when it reuqires 64
bit to encode, or a 16 hexadecimal character word 64 bit when it take 256 bit
to encode?

~~~
pudquick
Because while 8 characters of hexadecimal stored directly as themselves as
individual bytes occupy 8 bytes, each pair of hexadecimal characters only
encodes up to 1 byte of binary information.

00 -> FF only covers 0-255, which is the range of binary values representable
in 1 byte.

The bit length they're talking about isn't about how many characters are in
the human readable IDs (hex) but instead the technical range limit of the ID
numbers.

------
coherentpony
So how do I know if my key ID is 32 bit?

~~~
schoen
It's not a property of the key itself, it's about how we communicate about
keys.

For example, consider the key of Ryan Lackey, who posts here on HN. Some
people (and software) might refer to that key as D2E0301F, which is its 32-bit
key ID. A more secure way to refer to the same key is

B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F

which is called the fingerprint of the key. Both of these forms exist for
_every_ PGP key. Notice that the 32-bit key ID is the rightmost 32 bits of the
fingerprint (D2E0 301F → D2E0301F. The problem with this is that it is easy
(according to the linked article, now takes only four seconds) to make some
other key that will also have 32-bit key ID D2E0301F, so if you tried to find
or verify Ryan's key using only that ID, someone could trick you into using a
fake one.

Another form sometimes used today is the 64-bit key ID, which is the rightmost
64 bits of the fingerprint (in Ryan's case, 07AD BE07 D2E0 301F →
07ADBE07D2E0301F).

Key IDs and key fingerprints have always both been part of PGP, but the idea
was that you might use the key ID to download or talk about the key, and then
use the fingerprint to verify that you had the right one. Some people have
been skipping the second step, or might not even know it was ever there.

