Basic question on GPG Key

I saw mirimir's signature, I was wondering why also the Fingerprint is written.
Should not be the Key ID enough for getting the Public Key from a directory?

Thanks

 

The Key ID can be spoofed, but not (as far as I know) the full fingerprint.

By "spoofed", I mean that another key can be generated having the same Key ID. Just keep generating new keys until you find one that matches.

 

Thanks. It's that realistic? I mean, generating a huge amount of keys until you get that specific ID?

 

More reading about short key ID: http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html

 

Interesting. But how to generate a longer (64-bit or more) key ID?
In my case I generated my Keys with Mailvelope and they are pretty 32-bit standard ones.

 

The Key ID just by definition comprises the last eight characters of the Fingerprint. The only way to fix the problem would be to change the definition of Key ID, perhaps including more of the Fingerprint. But that would probably break stuff.