Juergen Bruckner via Gnupg-users wrote:
> That's pretty interesting, but the author also says he did this as showcase.
> Nonetheless, it's not really good to have such a tool "in the wild", and
> even on a platform like GitHub

A tool like this has been in the wild for several weeks. As skeeto says:

"Further, this attack has been known for years, and in 2019 it's been used against real keys on keyservers. This tool is nothing new and does not create any new capabilities. It's merely proof that such attacks are very easy to pull off. It doesn't take a nation-state actor to break the PGP ecosystem, just one person and couple evenings studying RFC 4880. This system is not robust."

One wonders why an attack that's been known for years is only being addressed now that it has been used.

> On 11.08.19 at 23:47, Anonymous Remailer (austria) wrote:
>>
>> https://github.com/skeeto/pgp-poisoner
>>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users