Matt Palmer <[email protected]> writes: >Well, I don't know if it's actually all that interesting to security >researchers, since I've never had anyone ask in the six years I've been >running Pwnedkeys.
That could be because it's been pretty well under the radar until now, I knew it existed but that was about it, and I've never seen it mentioned in research publications. >But yes, I've got records of every time I find a key, including algorithm, >bits/curve (as appropriate), when it was found, where it was found, how it >was found, what format it was in, key passphrase (for cracked keys), and >anything else that seemed potentially useful when I built it. Very nice! >I've got a whole load of research ideas floating around, but not the time to >pursue them. For example, I had an experiment design for a measurement of >the real-world effectiveness of revocation, but couldn't justify the time >commitment to do the work relative to other (money-making) work. I don't >suppose you've got a spare part-time research fellowship in your back pocket? Nothing sorry, I work in industry despite the .edu address. However if you look at the arxiv.org collection there's quite a few papers there which are really just "here's a data dump, see if you find it useful" (with a lot of padding commentary text to make it longer), so what you've got above shouldn't preclude publication in some form or other. (Not saying that you must do this, but just pointing out that it sounds like there's enough there to be posted somewhere). Peter. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ME0P300MB07136BCD2C3528381F4DDCB6EE542%40ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM.
