Tag: News

  • Practical Collision Attack Against Long Key IDs in PGP

    In response to the GPG.Fail attacks, a Hacker News user made this claim about the 64-bit “Long Key IDs” used by OpenPGP and GnuPG, while responding to an answer I gave to someone else’s question:

    OK, to be clear, I am specifically contending that a key fingerprint does not include collisions. My proof is empirical, that no one has come up with an attack on 64 bit PGP key fingerprints.

    Hacker News Thread

    This was a stupid thing to say to me, of all people.

    And thus:

    Proof of Concept

    Save this file as pubkey1.asc:

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    
    xjQEZVQvDBYKCSsGAQQB2kcPAQEHQPlChumZ771BEWmLgtsrm2QUf3YE4xSbpiRr
    wGelIDITzShDb2xsaXNpb24gS2V5IDEgPGtleTFAY29sbGlzaW9uLmV4YW1wbGU+
    =8+QC
    -----END PGP PUBLIC KEY BLOCK-----
    

    Save this file as pubkey2.asc:

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    
    xjQEZVRJOxYKCSsGAQQB2kcPAQEHQE5YOa8jzfZ1IAUmqaxKvrGdq3RJWQ1QBfh4
    9ffaD/S3zShDb2xsaXNpb24gS2V5IDIgPGtleTJAY29sbGlzaW9uLmV4YW1wbGU+
    =Ah4C
    -----END PGP PUBLIC KEY BLOCK-----
    
    

    Run the following commands, and despair:

    gpg --list-packets pubkey1.asc | grep keyid
    gpg --list-packets pubkey2.asc | grep keyid
    

    You will observe the following:

    $ gpg --list-packets pubkey1.asc | grep keyid
            keyid: 948F9326DD647C78
    $ gpg --list-packets pubkey2.asc | grep keyid
            keyid: 948F9326DD647C78
    

    However, the public keys and full fingerprints are different for each public key.

    What Is Actually Happening?

    This was the result of a Birthday attack against the 64-bit size of the “Long Key ID” feature of OpenPGP.

    I’ve written about the Birthday Bound before. But generally:

    • If you have 2^{n} possible outputs from a function…
    • And the input domain is larger than the output domain…
    • And you want to generate two distinct inputs that produce the same output (a collision attack)…

    …then you only need about \sqrt{2^{n}}, or 2^{n/2}, inputs before your collision probability approaches 50%.

    Since the output space of a Long Key ID is 64 bits, there are 2^{64} possible Long Key IDs. However, you expect a collision with about 50% probability after only 2^{32} Long Key IDs are generated.

    This is a widely known fact about cryptography, and the crux of the attack.

    EDIT: Apparently it was also done before. In 2019.

    Methodology

    The full attack took about 3 days on a laptop, running in the background while I was doing other work.

    This is within an order of magnitude of the same runtime needed to break Rainbow, for comparison.

    Because it was a memory-constrained device, the strategy looked roughly like this:

    1. Generate 2^{16} keypairs. (~2 seconds)
    2. For each keypair, iterate over a range of 2^{17} UNIX timestamps.
    3. Compute the Key ID for each (public key, timestamp).
    4. Write the Key IDs, index pointing to which keypair, and timestamps to a file (~15 hours).
    5. Use the sort command on this enormous file (~57 hours).
      • This probably took so long because my laptop goes into sleep mode when I’m not using it, so at least 20 hours of that can be written off as “nap time for my computer”.
    6. Read through this file from the start until a colliding key ID was found (~30 minutes).

    I could have done it faster if I felt like using a cloud provider, but I didn’t want to put too much work into this.

    Virtually no cryptography expert worth listening to will be surprised by this.

    “What impact does colliding Key IDs give an attacker?”

    To head off any questions like this, we need to be clear that a successful collision is, in and of itself, a successful attack. This is cryptography. None of us can weasel-word our way out of that fact.

    But it’s still worth entertaining: what can you do with such a colliding keypair in practice?

    Let’s say I was the maintainer of a popular open source package and got a bunch of Linux kernel devs to sign pubkey1.asc instead of publishing it here.

    If I decided to go rogue in the future, I could replace the public key that other people will download with pubkey2.asc. Especially if I secretly control the PGP key server they’re using.

    Users following instructions that mean to verify the Long Key ID instead of the full fingerprint will see that pubkey2.asc checks out, and then install backdoored software. All their apes, gone!

    If I’m ever confronted about it (especially by the folks that signed my actual public key), I could point out that my private key was never compromised, and claim the attacker clearly did a “preimage” attack on my Long Key ID. Thus, there’s plausible deniability in the absence of other forensics.

    Especially since PGP users advise each other to check the Long Key ID. (Alternative archive.)

    This kind of attack has to be set up in advance. Collision attacks aren’t preimage attacks. But it’s a realistic exploit scenario.

    Bonus: The Private Keys

    private1.asc

    -----BEGIN PGP PRIVATE KEY BLOCK-----
    xVkEZVQvDBYKCSsGAQQB2kcPAQEHQPlChumZ771BEWmLgtsrm2QUf3YE4xSbpiRr
    wGelIDITAAEAX7B7GVQBGE9VxroU6ilaSYp7D0QrZFRgbLDBM+uVTxEMis0dVGVz
    dCBLZXkgMSA8a2V5MUBleGFtcGxlLmNvbT4=
    =hStH
    -----END PGP PRIVATE KEY BLOCK-----
    
    

    private2.asc

    -----BEGIN PGP PRIVATE KEY BLOCK-----
    xVkEZVRJOxYKCSsGAQQB2kcPAQEHQE5YOa8jzfZ1IAUmqaxKvrGdq3RJWQ1QBfh4
    9ffaD/S3AAEAA6ztnLShhUmlWLdG8TLgtyT6SsW+EibmRMuMOzUK5iMQN80dVGVz
    dCBLZXkgMiA8a2V5MkBleGFtcGxlLmNvbT4=
    =Tdrc
    -----END PGP PRIVATE KEY BLOCK-----
    
    

    TL;DR

    Do not make stupid “empirical” claims about the security of cryptosystems, especially when the cost to disprove you is so low.


    Header art by Kyume.

    Original post written by Soatok
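
Added example, not part of Soatok's post: a Python sketch that derives the v4 fingerprint and Long Key ID of the two public keys above by hashing the raw public-key packet as RFC 4880 specifies, then pins on the full fingerprint instead of the 64-bit ID. The function names are illustrative assumptions; only the key material is taken from the post.

```python
import base64
import hashlib

# Base64 bodies of pubkey1.asc / pubkey2.asc as given in the post (armor and CRC lines dropped).
PUBKEY1 = ("xjQEZVQvDBYKCSsGAQQB2kcPAQEHQPlChumZ771BEWmLgtsrm2QUf3YE4xSbpiRr"
           "wGelIDITzShDb2xsaXNpb24gS2V5IDEgPGtleTFAY29sbGlzaW9uLmV4YW1wbGU+")
PUBKEY2 = ("xjQEZVRJOxYKCSsGAQQB2kcPAQEHQE5YOa8jzfZ1IAUmqaxKvrGdq3RJWQ1QBfh4"
           "9ffaD/S3zShDb2xsaXNpb24gS2V5IDIgPGtleTJAY29sbGlzaW9uLmV4YW1wbGU+")


def first_packet(data: bytes):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880 section 4.2)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        else:
            raise ValueError("unsupported length encoding")
    else:  # old-format header: low two bits select the length field size
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = 1 << ltype
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def v4_identifiers(b64: str):
    """Return (fingerprint, long_key_id) as uppercase hex for a v4 public key."""
    tag, body = first_packet(base64.b64decode(b64))
    if tag != 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet")
    # RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, then the body.
    fpr = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()
    return fpr, fpr[-16:]  # the Long Key ID is only the low 64 bits


def pin_matches(b64: str, pinned: str) -> bool:
    """Accept a key only if its full fingerprint equals the pinned value."""
    return v4_identifiers(b64)[0] == pinned.replace(" ", "").upper()
```

A verifier that pins the 40-hex-digit fingerprint of pubkey1.asc rejects pubkey2.asc, while one that compares only the last 16 hex digits accepts both.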

  • Furry Book Review Odysseus Vizard by PC Hatter Vol 1-7

    I think an explanation is needed. First, Odysseus Vizard is very much like Hercule Poirot, except in these stories he is a small blue bird. Second, it is a collection of Odysseus Vizard stories, 7 in fact:

    1. The Odd Happenings at Esme
    2. Death on the Course
    3. The Death of Allen Timberlake
    4. Murder at Cliff House
    5. Lord Tumbell Dies
    6. The Alphabet Killer
    7. Killer at the Dig

    The biggest difference between all of these tales and the stories by Agatha Christie: the stories are not as intense or drawn out. They were obviously written for a furry audience, and light readers at that.

    The only reason I mention this is that I consider myself a light reader. I won’t mention how long it took me to read all 7 novels, just that I did enjoy them and found them interesting. Also, you could leave for a while and return to the stories. Often with my schedule I have to do this: when I start reading something, I have no choice but to put it aside for a while.

    No, you don’t have to read the original works to enjoy them. I have not read or seen a lot of the original works. But I do enjoy them.

    So how do I rate all 7 stories? To be honest, I give it an 8 out of 10 and would recommend it to anyone wanting to read a furry mystery with very interesting characters. I would say the gathering of the suspects was so damn unique.

    Original post written by Ahmar Wolf

  • New Year’s Fur Ball 2026 #Numbers

    Attention shoppers! The Mega Mall is now.

    There were 972 shoppers within the food court!
    &
    $4,594.62 was raised for West End Neighborhood housing!

    Thank you so much, everyone, for ringing in the new year with us. #NYFB2026

    📸: @skepticthewolf.bsky.social
    https://www.furtrack.com/p/1608611

    Original post written by Ahmar Wolf

  • Anthro New England 2026 Reg Open

    As one comic noted some time back: when you’re doing a western on the East Coast, it becomes an eastern. I know, bad joke.

    Got to say Slumberyote is a terrific artist.

    For more details https://www.anthronewengland.com/

    Original post written by Ahmar Wolf

  • Birthday Greetings, Pepe Le Pew!

    I would be remiss if I did not remind you that January 6th is the birthday of Pepe Le Pew, by my estimation his 81st as the character was introduced in 1945 in the cartoon, Odor-able Kitty. My question is what to buy Pepe for the occasion…an industrial-strength can of Glade room freshener, perhaps?

    While Pepe now languishes in what I’ve heard referred to as Horny Prison due to unwanted romantic advances towards one Penelope Pussycat, I curse cancel culture and the fact that Elmer Fudd and Yosemite Sam are allowed to freely brandish and discharge guns while Pepe is not allowed to pursue his natural instincts, even if they are unwelcomed and misguided…

    His birthday is an appropriate time to remember our romantically self-deceived skunk, and appeal for the reformation and re-appearance of his character in some form. I know that males foisting their unwanted romantic intentions on another is wrong, and that times have changed enormously since 1945…but surely a reconstituted version of the character is possible, and that fans would welcome his return in some form…

    Although it’s entirely possible that in light of his age, Pepe may have entirely lost interest in the Game of Love to begin with…

    So celebrate and remember Pepe Le Pew on his natal day, N’est-ce pas?

    Original post written by vulpesffb