Re: Key collisions in the wild

To: Sebastian Reichel <sre@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Key collisions in the wild
From: Samuel Thibault <sthibault@debian.org>
Date: Wed, 10 Aug 2016 12:45:19 +0200
Message-id: <[🔎] 20160810104519.GB20126@var.home>
Mail-followup-to: Sebastian Reichel <sre@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20160810051409.GA26443@earth>
References: <[🔎] 20160809224743.GZ6224@var.home> <[🔎] 20160810051409.GA26443@earth>

Sebastian Reichel, on Wed 10 Aug 2016 07:14:09 +0200, wrote:
> On Wed, Aug 10, 2016 at 12:47:43AM +0200, Samuel Thibault wrote:
> > As a late follow-up of the gpg key collision thread from debian-private
> > (but posted on debian-devel, there is nothing private here, I prefer to
> > see this information publicized actually):
> > 
> > € gpg --search-key samuel.thibault@gnu.org
> > ...
> > (1) Samuel Thibault <samuel.thibault@gnu.org>
> > 4096 bit RSA key 7D069EE6, created: 2014-06-16
> > (2) Samuel Thibault <samuel.thibault@gnu.org>
> > 4096 bit RSA key 7D069EE6, created: 2010-09-14
> > 
> > So somebody *does* try to fake my gpg key too...
> 
> Looks like somebody uploaded the evil32 (https://evil32.com/)
> data to public keyservers.

Not all of evil32 apparently, there is not 6E520E81EA52ECF4 on
pgp.mit.edu for instance. Just looking at the people I've signed,
something like 1/4 of their clones have been uploaded.

Samuel

Reply to:

References:
- Re: Key collisions in the wild
  - From: Samuel Thibault <sthibault@debian.org>
- Re: Key collisions in the wild
  - From: Sebastian Reichel <sre@debian.org>

Prev by Date: Re: Key collisions in the wild
Next by Date: Re: use long keyid-format in gpg.conf (Re: Key collisions in the wild
Previous by thread: Re: Key collisions in the wild
Next by thread: Re: Key collisions in the wild
Index(es):
- Date
- Thread