Re: Key collisions in the wild
Sebastian Reichel, on Wed 10 Aug 2016 07:14:09 +0200, wrote:
> On Wed, Aug 10, 2016 at 12:47:43AM +0200, Samuel Thibault wrote:
> > As a late follow-up of the gpg key collision thread from debian-private
> > (but posted on debian-devel, there is nothing private here, I prefer to
> > see this information publicized actually):
> >
> > € gpg --search-key samuel.thibault@gnu.org
> > ...
> > (1) Samuel Thibault <samuel.thibault@gnu.org>
> > 4096 bit RSA key 7D069EE6, created: 2014-06-16
> > (2) Samuel Thibault <samuel.thibault@gnu.org>
> > 4096 bit RSA key 7D069EE6, created: 2010-09-14
> >
> > So somebody *does* try to fake my gpg key too...
>
> Looks like somebody uploaded the evil32 (https://evil32.com/)
> data to public keyservers.
Not all of evil32 apparently, there is not 6E520E81EA52ECF4 on
pgp.mit.edu for instance. Just looking at the people I've signed,
something like 1/4 of their clones have been uploaded.
Samuel
Reply to: