| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Jan 2010 22:04:35 +0100 From: Sens0r The real <the.real.sens0r@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: 0xdeadbeef attack on gpg Hello list, I'm currently digging into the security aspect of RSA and web of trust... while searching the web I found some notes about the 0xdeadbeef attack, where you generate a key that has the same short fingerprint than another, and over this way you fool other users to use the wrong key. So I'm searching information about this hack, I did not found any paper on the usual places, and I don't find much information at all. How does this attack was done in practice? I mean you have to generate a fingerprint that has as last 8 bytes 0xdeadbeef (hex) that clear for me, but what is the best way? You could simply generate one key after the other and throw away every key that is not matching, but this might last for quite a long time if you are unlucky. How does one could influence it to get a result faster? I would be happy for every hint/link/information. Kind regards, Sens0r _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists