On Thu, 21 May 2015 23:58, b...@adversary.org said:
Is it possible that a keyserver running the old, buggy PKS code
(v. 0.9.something) mangled these keys?
Yes, but that won't explain why the key binding signature is valid.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen
On 22/05/2015 5:00 pm, Werner Koch wrote:
On Thu, 21 May 2015 23:58, b...@adversary.org said:
Is it possible that a keyserver running the old, buggy PKS code
(v. 0.9.something) mangled these keys?
Yes, but that won't explain why the key binding signature is valid.
Okay, there's clearly
On 22/05/2015 5:37 am, Werner Koch wrote:
These are all encryption subkeys. The third key is the one from
H. Peter Anvin. I have not found one of the fingerprints given in the
said blog posting: gpg removed it while importing the key. It is a bit
disturbing that the other subkey listed
On 5/21/2015 at 3:45 PM, Werner Koch w...@gnupg.org wrote:
Some guy
downloaded most RSA keys from a keyserver and tried to factor 1.9
million moduli. They found 30 keys with a subkey having one of the
first 1000 primes as a factor.
I looked at 8 of those keys and
found that 2 are likely PGP
On Thu, 21 May 2015 18:23, d...@fifthhorseman.net said:
At least one of the keys he claimed to have broken is a degraded copy of
one of H. Peter Anvin's actual subkeys, as Hanno Böck pointed out here:
That reminds if of a private discussion I had last autumn. Some guy
downloaded most RSA keys
On Thu 2015-05-21 12:23:20 -0400, Daniel Kahn Gillmor wrote:
Which key does he claim to have broken? If Mircea has broken your
encryption-capable subkey (0xB8A6B74C001892C2) then he might only be
able to decrypt messages sent to you, but not sign them.
To provide him with an opportunity to
Which key does he claim to have broken? If Mircea has broken your
encryption-capable subkey (0xB8A6B74C001892C2) then he might only be
able to decrypt messages sent to you, but not sign them.
He didn't say. You're correct in that I made an unfounded assumption;
thank you for the
On Wed 2015-05-20 20:13:32 -0400, Robert J. Hansen wrote:
In the last couple of days a few different people have pointed me to
Mircea Popescu's blog, where he's claimed he's broken ~150 keys that are
in common circulation among the keyservers.
At least one of the keys he claimed to have broken