On Thu, 21 May 2015 18:23, [email protected] said: > At least one of the keys he claimed to have broken is a degraded copy of > one of H. Peter Anvin's actual subkeys, as Hanno Böck pointed out here:
That reminds if of a private discussion I had last autumn. Some guy downloaded most RSA keys from a keyserver and tried to factor 1.9 million moduli. They found 30 keys with a subkey having one of the first 1000 primes as a factor. He asked a few of them and while most used different versions of GnuPG one recalled to have used a commercial PGP tool to create the key in 2007. I looked at 8 of those keys and found that 2 are likely PGP created and 6 are by GPG. | Mail | S | factor | size | keyid | created | |------+---+--------+------+----------+------------| | xxxx | g | 0x3 | 4096 | xxxxxxx7 | 2010-12-28 | | xxxx | p | 0x49a3 | 3001 | xxxxxxx2 | 2007-04-29 | | xxxx | g | 0x1125 | 4096 | 1299816A | 2011-09-22 | | xxxx | g | 0x182d | 2048 | xxxxxxx3 | 2011-09-23 | | xxxx | g | 0x3 | 4096 | xxxxxxxB | 2011-08-09 | | xxxx | g | 0xc29b | 4096 | xxxxxxx0 | 2011-02-02 | | xxxx | g | 0x3cb3 | 2048 | xxxxxxxC | 2012-02-07 | | xxxx | p | 0x1f | 2048 | xxxxxxxF | 2010-01-18 | These are all encryption subkeys. The third key is the one from H. Peter Anvin. I have not found one of the fingerprints given in the said blog posting: gpg removed it while importing the key. It is a bit disturbing that the other subkey listed above has a good key binding signature. I got distracted for some time and a few weeks later the PGP team at Symantec reported back that these are all duplicated subkeys where the other subkey had no small factors. Their thesis is that this happened due to memory corruption while merging a key. They planned to investigate that further using the PGP SDK but, like me, the case was more or less forgotton. Incidentally, I met one of the other guys with a broken subkey at LinuxCon and he told me that some folks complained that they can't encrypt to him. For other this was no problem, though. My conclusion is that there are two issue: - Someone adding broken subkeys to the keyservers with a bad key-binding signature. No problem at all. - About 30 key with a valid key binding but with a partly duplicated subkey where both have a valid key binding signature. Most likely a software bug. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
