Samuel Thibault, on Wed 10 Aug 2016 12:46:07 +0200, wrote:
> Holger Levsen, on Wed 10 Aug 2016 10:26:09 +0000, wrote:
> > I'm somewhat surprised by this mail… or rather by you apparently
> > knowing about the issue but still you seem to not have acted as advised,
> > so let me repeat: everybody, please put "keyid-format long" into your
> > ~/.gnupg/gpg.conf!
>
> Well, I did in the end, yes, but I personally have never trusted these
> IDs anyway, and would only trust signature paths.

And actually, moving to 64bit fingerprints by default is possibly not a good idea: who knows when 64bit will not be secure any more? Estimating very roughly, if a 32bit collision can be found within a few seconds with one GPU now as evil32 seems to show, a supercomputer with 10000 GPUs can find a 64bit collision within a month...

Really, only signature paths should be looked at by people, and it seems like we are tending to let people think 64bit fingerprints are "secure".

Samuel
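An added example, not part of the original message: a keyring check that reports distinct keys sharing a truncated ID and compares keys only by full fingerprint. It assumes OpenPGP v4 keys, where the 64-bit key ID is the low 64 bits of the 160-bit fingerprint and the short ID is the low 32 bits; the fingerprints and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed 40-hex-digit v4 fingerprints (not real keys). The first two share
# their low 32 bits (short ID) but differ in their low 64 bits (long ID).
KEYRING = [
    ("Alice (constructed)",    "1111222233334444555566667777888899990000"),
    ("Impostor (constructed)", "AAAABBBBCCCCDDDDEEEEFFFF0123456799990000"),
    ("Bob (constructed)",      "0F0F0F0F0F0F0F0F0F0F0F0F1234567890ABCDEF"),
]


def normalise(fingerprint):
    """Strip spaces, upper-case, and insist on a full 160-bit fingerprint."""
    fpr = fingerprint.replace(" ", "").upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("expected a 160-bit (40 hex digit) v4 fingerprint")
    return fpr


def key_id(fingerprint, bits):
    """Truncated ID: the low-order `bits` bits of the fingerprint, as hex."""
    if bits % 4 or not 0 < bits <= 160:
        raise ValueError("bits must be a multiple of 4 between 4 and 160")
    return normalise(fingerprint)[-(bits // 4):]


def id_clashes(keyring, bits):
    """Return {truncated ID: [fingerprints]} for IDs shared by distinct keys."""
    seen = defaultdict(set)
    for _uid, fpr in keyring:
        seen[key_id(fpr, bits)].add(normalise(fpr))
    return {kid: sorted(fprs) for kid, fprs in seen.items() if len(fprs) > 1}


def same_key(fpr_a, fpr_b):
    """Identity check on the full fingerprint, never on a truncated ID."""
    return normalise(fpr_a) == normalise(fpr_b)


if __name__ == "__main__":
    for bits in (32, 64):
        clashes = id_clashes(KEYRING, bits)
        print(f"{bits}-bit IDs shared by distinct keys: {clashes or 'none'}")
    print("Alice == Impostor by fingerprint:",
          same_key(KEYRING[0][1], KEYRING[1][1]))
```

A clean result at 64 bits only says that no clash is present in this keyring today; it says nothing about how long 64-bit IDs stay hard to match.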