PGP Short ID Collision Attacks

I don’t think this has been mentioned anywhere in the Whonix documentation. Linus and other devs recently have had their short PGP key IDs faked in the wild and uploaded to keyservers (see article linked below).

By extension, I would not be surprised if there is a fake short ID with matching email and fake signatures for Patrick, Marek and others floating around. Selected excerpts below (my emphasis added):

Using short PGP key IDs is proving to be insecure with real attacks having started this summer.

It also has a well-known design flaw, that the last 8 digits of a public key’s fingerprint is used to label the key, dispute the fact the full fingerprint is 160-bit, not 32-bit, and made collision attacks possible. 5 years ago, developer Asheesh Laroia generate a new PGP key with the same short-ID as the old one, effectively demonstrate such attacks are practically.

Later, more and more developers found their fake keys with same names, emails, and even “same” fake signatures by more fake keys in the wild, on the keyservers. All these keys have same short-IDs, created by collision attacks, led with some discussions about the danger of short-IDs.

But many people were still unaware of this issue.

> Now, it’s worth to mention the issue again, since fake keys of Linus Torvalds, Greg Kroah-Hartman, and other kernel devs are found in the wild recently.

Search Result of 0x00411886:

Fake Linus Torvalds: 0F6A 1465 32D8 69AE E438 F74B 6211 AA3B [0041 1886]

Real Linus Torvalds: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 [0041 1886]

Search Result of 0x6092693E:

Fake Greg Kroah-Hartman: 497C 48CE 16B9 26E9 3F49 6301 2736 5DEA [6092 693E]

Real Greg Kroah-Hartman: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 [6092 693E]

Conclusion: Whonix users shouldn’t trust anything shorter than the fingerprint of the key and use long key IDs when downloading, inspecting and importing keys. Ditto Qubes users, Tor Browser users etc. as this is most likely state-sponsored actors deciding to attack a host of software they don’t like.