A practical demonstration of a collision attack against PGP's 64-bit Long Key IDs, achieved in 3 days on a laptop using birthday attack principles. Two different PGP keypairs were generated that share the same Long Key ID (948F9326DD647C78), exploiting the mathematical reality that 64-bit outputs require only ~2^32 attempts for 50% collision probability. The attack methodology involved generating keypairs, iterating timestamps, computing Key IDs, sorting results, and identifying collisions. Complete proof-of-concept code and both public and private keys are provided, demonstrating that empirical security claims about 64-bit identifiers are fundamentally flawed.
Sort: