Re: Key collisions in the wild

To: debian-devel@lists.debian.org
Subject: Re: Key collisions in the wild
From: Thibaut Paumard <thibaut@debian.org>
Date: Wed, 10 Aug 2016 01:23:24 +0200
Message-id: <[🔎] 57AA65EC.8080500@debian.org>
In-reply-to: <[🔎] 20160809224743.GZ6224@var.home>
References: <[🔎] 20160809224743.GZ6224@var.home>

Thanks Samuel,

Looks like my key has been purposefully collided too, already two years ago:

thibaut$ LANG=C gpg --search-key thibaut@debian.org
gpg: searching for "thibaut@debian.org" from hkp server pgp.mit.edu
[snip]
(2)	Thibaut Paumard <thibaut@debian.org>
	  4096 bit RSA key E0DC2840, created: 2014-06-16
(3)	Thibaut Paumard <thibaut@debian.org>
	Thibaut Paumard <paumard@users.sourceforge.net>
	  4096 bit RSA key E0DC2840, created: 2012-06-12
[snip]


I checked that the full fingerprints don't match.

Regards, Thibaut.


Le 10/08/2016 00:47, Samuel Thibault a écrit :
> Hello,
> 
> As a late follow-up of the gpg key collision thread from debian-private
> (but posted on debian-devel, there is nothing private here, I prefer to
> see this information publicized actually):
> 
> € gpg --search-key samuel.thibault@gnu.org
> ...
> (1) Samuel Thibault <samuel.thibault@gnu.org>
> 4096 bit RSA key 7D069EE6, created: 2014-06-16
> (2) Samuel Thibault <samuel.thibault@gnu.org>
> 4096 bit RSA key 7D069EE6, created: 2010-09-14
> 
> So somebody *does* try to fake my gpg key too...
> 
> For the reminder,
> https://gwolf.org/node/4070
> 
> Samuel
>

Reply to:

Follow-Ups:
- Re: Key collisions in the wild
  - From: Thibaut Paumard <thibaut@debian.org>

References:
- Re: Key collisions in the wild
  - From: Samuel Thibault <sthibault@debian.org>

Prev by Date: Re: Key collisions in the wild
Next by Date: Re: copyright precision
Previous by thread: Re: Key collisions in the wild
Next by thread: Re: Key collisions in the wild
Index(es):
- Date
- Thread