[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Key collisions in the wild

* Samuel Thibault <sthibault@debian.org>, 2016-08-10, 01:17:
Samuel Thibault, on Wed 10 Aug 2016 00:47:43 +0200, wrote:
€ gpg --search-key samuel.thibault@gnu.org
(1) Samuel Thibault <samuel.thibault@gnu.org>
4096 bit RSA key 7D069EE6, created: 2014-06-16

And it has 55 signatures from 55 colliding keys...

The forger botched it up, because all its signatures have almost the same creation time. You can tell it's a sham key from quite a long way away.

Jakub Wilk

Reply to: