Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keyring only allows unique key IDs #3334

Open
ffesti opened this issue Sep 26, 2024 · 0 comments
Open

keyring only allows unique key IDs #3334

ffesti opened this issue Sep 26, 2024 · 0 comments
Labels
bug crypto Signatures, keys, hashes and their verification
Milestone
6.0.0 alpha

Comments

@ffesti
Copy link
Contributor

ffesti commented Sep 26, 2024

Key IDs (even long ones) can have collisions - especially when an attacker tries to generate them on purpose. The right behavior is to try all keys with matching key IDs and see if one is able to verify the signature.
@ffesti ffesti mentioned this issue Sep 26, 2024
Open
@ffesti ffesti added bug crypto Signatures, keys, hashes and their verification labels Sep 26, 2024
@pmatilai pmatilai added this to the 6.0.0 alpha milestone Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug crypto Signatures, keys, hashes and their verification
Projects
RPM
Status: Todo
Milestone
6.0.0 alpha
Development

No branches or pull requests
2 participants
@ffesti @pmatilai