This channel must have hundreds of hours of content, and I'm sure much of it is good, but I don't have hundreds of hours.
Instead, I will send hundreds of dollars to some trusted person to distill hundreds of hours into an app or something that I can use immediately.
https://www.youtube.com/watch?v=34gVHrkaiz0&list=PLyqKj7LwU2...
Mike Israetel, who runs the channel, is in the top 5 in scientific bodybuilding circles.
And you can get those same videos in their app https://rpstrength.com/pages/hypertrophy-app
Personally I'd use Jefit or Hevy over RP, but the point stands.
OK, an attacker creates two keypairs with the same fingerprint. How specifically can that attacker use those colliding fingerprints to do a MITM attack? Anything I can think of involves revealing one of the private keys to someone else and having them use that private key as their own.
1. Attacker does TLS-MITM with rogue certificate to replace the public key of user B on their website with the attacker's public key in real time.
2. A gets the MITM attacker's public key instead.
3. A sends introductory message containing their public key.
4. MITM replaces A's public key with one of their own that has a colliding fingerprint.
5. MITM keeps reading messages in between.
Later when they meet and compare public key fingerprints, they won't detect the attack.
This makes a lot of assumptions, but it's merely complex in terms of number of steps. It's not computationally infeasible.
Also, a better attack is of course to just hack the endpoints and exfiltrate private keys and passively read all messages, since PGP lacks forward secrecy, and since that has, according to Snowden, been happening for over 10 years, it's probably the modern approach. Much less noisy.