Opened 3 years ago

Closed 3 years ago

#20396 closed defect (invalid)

Tor Project crypto signatures will deceive with 32-bit key ids

Reported by: chadmiller
Owned by: tpa
Priority: Medium
Milestone:
Component: Internal Services/Tor Sysadmin Team
Version:
Severity: Critical
Keywords:
Cc: chadmiller
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

This page has key ids that are too short.

https://www.torproject.org/docs/signing-keys.html.en

There are people impersonating GPG releasers in keyservers, and relying on the ability to create keys that collide in the lower 32 bits. For instance, if someone takes the Nick key id 0x165733EA, that will fetch these keys from keyservers:

gpg: key 21194EBB165733EA: public key "Nick Mathewson <nickm@…>" imported
gpg: key D50624EC165733EA: public key "Nick Mathewson <nickm@…>" imported

And someone could fake a source download.

Or Roger's 0x28988BF5 will get

gpg: key EB5A896A28988BF5: public key "Roger Dingledine <arma@…>" imported
gpg: key 9C01813428988BF5: public key "Roger Dingledine <arma@…>" imported

or 0x19F78451 will get

gpg: key 468FAE2919F78451: public key "Roger Dingledine <arma@…>" imported
gpg: key C218525819F78451: public key "Roger Dingledine <arma@…>" imported

The signatures page should never list any 32-bit values. Only have full fingerprints, or use the 64-bit long ids or longer.
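An added example, not part of the original ticket and not Tor Project tooling: a short Python check that reads gpg import output such as the lines quoted above and reports every 32-bit short id that maps to more than one 64-bit key id. The function names and the 16-hex-digit minimum in `meets_minimum_length` are assumptions that follow the ticket's request for long ids or full fingerprints.

```python
import re
from collections import defaultdict

# gpg import lines exactly as quoted in the ticket (addresses are elided there).
GPG_OUTPUT = """\
gpg: key 21194EBB165733EA: public key "Nick Mathewson <nickm@…>" imported
gpg: key D50624EC165733EA: public key "Nick Mathewson <nickm@…>" imported
gpg: key EB5A896A28988BF5: public key "Roger Dingledine <arma@…>" imported
gpg: key 9C01813428988BF5: public key "Roger Dingledine <arma@…>" imported
gpg: key 468FAE2919F78451: public key "Roger Dingledine <arma@…>" imported
gpg: key C218525819F78451: public key "Roger Dingledine <arma@…>" imported
"""

IMPORT_RE = re.compile(
    r'^gpg: key ([0-9A-Fa-f]{16}): public key "([^"]*)" imported$')

def parse_imports(text):
    """Return (64-bit key id, user id) for each 'imported' line."""
    found = []
    for line in text.splitlines():
        m = IMPORT_RE.match(line.strip())
        if m:
            found.append((m.group(1).upper(), m.group(2)))
    return found

def short_id_collisions(imports):
    """Group long ids by their low 32 bits; keep only ambiguous short ids."""
    groups = defaultdict(set)
    for long_id, _uid in imports:
        groups[long_id[-8:]].add(long_id)
    return {s: sorted(ids) for s, ids in groups.items() if len(ids) > 1}

def meets_minimum_length(selector):
    """True if a published key selector is at least a 64-bit id (16 hex digits)."""
    s = selector.replace(" ", "")
    if s.lower().startswith("0x"):
        s = s[2:]
    return re.fullmatch(r"[0-9A-Fa-f]+", s) is not None and len(s) >= 16

if __name__ == "__main__":
    for short, ids in short_id_collisions(parse_imports(GPG_OUTPUT)).items():
        print(f"0x{short} is ambiguous: {', '.join(ids)}")
    for published in ("0x165733EA", "0x28988BF5", "0x19F78451"):
        print(published, "ok" if meets_minimum_length(published) else "too short")
```
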

Change History (1)

comment:1 Changed 3 years ago by weasel

Resolution: invalid
Status: new → closed

not a sysadmin issue.
