There was a proof of concept attack on the fingerprints a couple of
years ago. The keys were revoked afterwards.
TL;DR short key fingerprints are not secure at all. Also the web of
trust is your friend here.
Cheers,
Felix
On 16/05/17 15:47, Janne Inkilä wrote:
I made a key search with my name and found something suspicious.
The search:
https://pgp.mit.edu/pks/lookup?search=janne+inkila&op=index&fingerprint=on
I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D
9B8F F679 A482 4C9A 033E 22A2. I know this is quite an old key and maybe
I should revoke it.
BUT
I also found another key with fingerprint 87C4 F4C8 16D1 3CC3 03E0
7977 1A9C 6259 033E 22A2. The key ID is the same 033E 22A2 on both
keys. There are also signatures on this key. It looks like the same persons
and the same key IDs, but the fingerprints don't match. For some reason this
key has been revoked.
Did someone really generate a same-looking key? And why? Any ideas?
Is someone trying to capture my emails? I would like to see some sort of
theory about what is going on, thanks :)
Janne Inkilä
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
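
Added example, not part of the original thread or of GnuPG: a check that flags primary keys in a `gpg --with-colons --fingerprint` style listing whose 32-bit short key IDs collide while their full fingerprints differ. The listing below is constructed around the two fingerprints quoted in the thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `gpg --with-colons --fingerprint` output.
# Field 10 of an "fpr" record is the fingerprint. The two fingerprints are the
# ones quoted in the thread; the "pub" lines are reduced placeholders.
SAMPLE = """\
pub:-:::A4824C9A033E22A2:
fpr:::::::::F4DB40F8BF228B9D9B8FF679A4824C9A033E22A2:
pub:r:::1A9C6259033E22A2:
fpr:::::::::87C4F4C816D13CC303E079771A9C6259033E22A2:
"""

def normalize(fpr):
    """Drop whitespace and require a 40-hex-digit (v4) fingerprint."""
    fpr = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError(f"not a v4 fingerprint: {fpr!r}")
    return fpr

def short_id(fpr):
    """Short key ID: the low 32 bits (last 8 hex digits)."""
    return normalize(fpr)[-8:]

def long_id(fpr):
    """Long key ID: the low 64 bits (last 16 hex digits)."""
    return normalize(fpr)[-16:]

def primary_fingerprints(listing):
    """Yield the fingerprint that follows each 'pub' record, skipping subkeys."""
    last = None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            last = fields[0]
        elif fields[0] == "fpr" and last == "pub" and len(fields) > 9:
            yield normalize(fields[9])

def short_id_collisions(listing):
    """Map each short ID shared by more than one distinct fingerprint to them."""
    groups = defaultdict(set)
    for fpr in primary_fingerprints(listing):
        groups[short_id(fpr)].add(fpr)
    return {sid: sorted(fprs) for sid, fprs in groups.items() if len(fprs) > 1}

if __name__ == "__main__":
    for sid, fprs in short_id_collisions(SAMPLE).items():
        print(sid, "is shared by:")
        for fpr in fprs:
            print("  ", fpr, "long ID", long_id(fpr))
```

For the two keys in the thread the long IDs already differ, so comparing the full fingerprint (or at least the long ID) tells them apart where the short ID cannot.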