Re: suspicious key found

On May 16, 2017, at 9:47 AM, Janne Inkilä wrote: > > I made a key search with my name and found something suspicious. > > The search: > > https://pgp.mit.edu/pks/lookup?search=janne+inkila=index=on > > I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D

Re: suspicious key found

There was a proof of concept attack on the fingerprints a couple of years ago. The keys were revoked afterwards. TL;DR short key fingerprints are not secure at all. Also the web of trust is your friend here. Cheers, Felix On 16/05/17 15:47, Janne Inkilä wrote: I made a key search with my

Re: suspicious key found

On 2017/05/16 14:47, Janne Inkilä wrote: > Did someone really generated same looking key? And why? Any ideas? Yes, they did. Most of the strong set was duplicated by the Evil32 project in order to demonstrate the danger of relying on short key IDs (because on modern hardware it takes mere seconds

suspicious key found

I made a key search with my name and found something suspicious. The search: https://pgp.mit.edu/pks/lookup?search=janne+inkila=index=on I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D 9B8F F679 A482 4C9A 033E 22A2. I know this is quite old key and maybe I should revoke