Keys fall in four seconds
By Darren Pauli, 1 Dec 2014 Researchers have found collision attacks for 32 bit GPG keys leaving the superseded technology well and truly dead.Eric Swanson and Richard Klafter used graphical processing units to clone fingerprints for each 32 bit key id in Web of Trust strong set.
The feat took four seconds per key increasing the chance that human error could land users with attackers keys.
"32 bit key IDs were reasonable 15 years ago but are obsolete now," the duo said in a blog.
"Using modern GPUs, we have found collisions for every 32 bit key id in the Web of Trust's strong set.
"It is easy to generate and publish a key that looks identical if you only use 32 bits when specifying a key."
Full Article