Re: Key collisions in the wild
Sebastian Reichel, on Wed 10 Aug 2016 07:14:09 +0200, wrote:
> On Wed, Aug 10, 2016 at 12:47:43AM +0200, Samuel Thibault wrote:
> > As a late follow-up of the gpg key collision thread from debian-private
> > (but posted on debian-devel, there is nothing private here, I prefer to
> > see this information publicized actually):
> > € gpg --search-key firstname.lastname@example.org
> > ...
> > (1) Samuel Thibault <email@example.com>
> > 4096 bit RSA key 7D069EE6, created: 2014-06-16
> > (2) Samuel Thibault <firstname.lastname@example.org>
> > 4096 bit RSA key 7D069EE6, created: 2010-09-14
> > So somebody *does* try to fake my gpg key too...
> Looks like somebody uploaded the evil32 (https://evil32.com/)
> data to public keyservers.
Not all of evil32 apparently: there is no 6E520E81EA52ECF4 on
pgp.mit.edu, for instance. Just looking at the people I've signed,
something like 1/4 of their clones have been uploaded.
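
As an added example (not part of the original message): a check that groups primary keys by 32-bit short ID and reports any ID shared by more than one full fingerprint, which is the situation in the search output quoted above. It assumes input in GnuPG's `--with-colons` listing format; the function names are hypothetical and the fingerprints and user IDs in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample in GnuPG's --with-colons layout (fingerprints and uids are made up).
SAMPLE = """\
pub:-:4096:1:AAAAAAAA7D069EE6:1284422400:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7D069EE6:
uid:-::::1284422400::X::Example Person <person@example.org>:
pub:-:4096:1:BBBBBBBB7D069EE6:1402876800:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB7D069EE6:
uid:-::::1402876800::Y::Example Person <person@example.org>:
pub:-:4096:1:CCCCCCCC12345678:1402876800:::-:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC12345678:
uid:-::::1402876800::Z::Other Person <other@example.org>:
sub:-:4096:1:DDDDDDDD7D069EE6:1402876800::::::e:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD7D069EE6:
"""

def parse_primary_keys(listing):
    """Return [{'fpr': str, 'uids': [str]}] for each primary key in the listing."""
    keys, current, last = [], None, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = {"fpr": None, "uids": []}
            keys.append(current)
            last = "pub"
        elif f[0] == "sub":
            last = "sub"  # the fpr record that follows belongs to a subkey
        elif f[0] == "fpr" and last == "pub" and len(f) > 9 and current["fpr"] is None:
            current["fpr"] = f[9].upper()
        elif f[0] == "uid" and current is not None and len(f) > 9:
            current["uids"].append(f[9])
    return [k for k in keys if k["fpr"]]

def short_id_collisions(keys, id_len=8):
    """Map each truncated key ID to its fingerprints when more than one key shares it."""
    groups = defaultdict(set)
    for k in keys:
        groups[k["fpr"][-id_len:]].add(k["fpr"])
    return {sid: sorted(fprs) for sid, fprs in groups.items() if len(fprs) > 1}

if __name__ == "__main__":
    keys = parse_primary_keys(SAMPLE)
    for sid, fprs in short_id_collisions(keys).items():
        print(f"short ID {sid} is shared by {len(fprs)} distinct keys:")
        for fpr in fprs:
            print("   ", fpr)
```

Passing `id_len=16` runs the same check on 64-bit long key IDs; comparing the full fingerprint is the only identification that does not rely on truncation.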