On May 16, 2017, at 9:47 AM, Janne Inkilä wrote:
>
> I made a key search with my name and found something suspicious.
>
> The search:
>
> https://pgp.mit.edu/pks/lookup?search=janne+inkila=index=on
>
> I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D
There was a proof of concept attack on the fingerprints a couple of
years ago. The keys were revoked afterwards.
TL;DR short key fingerprints are not secure at all. Also the web of
trust is your friend here.
Cheers,
Felix
On 16/05/17 15:47, Janne Inkilä wrote:
I made a key search with my
On 2017/05/16 14:47, Janne Inkilä wrote:
> Did someone really generated same looking key? And why? Any ideas?
Yes, they did. Most of the strong set was duplicated by the Evil32
project in order to demonstrate the danger of relying on short key IDs
(because on modern hardware it takes mere seconds
I made a key search with my name and found something suspicious.
The search:
https://pgp.mit.edu/pks/lookup?search=janne+inkila=index=on
I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D 9B8F
F679 A482 4C9A 033E 22A2. I know this is quite old key and maybe I
should revoke