Re: [Enigmail] Popescu and keys

2015-05-22 Thread Ben McGinnes
On 22/05/2015 5:00 pm, Werner Koch wrote: > On Thu, 21 May 2015 23:58, b...@adversary.org said: > >> Is it possible that a keyserver running the old, buggy PKS code >> (v. 0.9.something) mangled these keys? > > Yes, but that won't explain why the key binding signature is valid. Okay, there's cle

Re: [Enigmail] Popescu and keys

2015-05-22 Thread Werner Koch
On Thu, 21 May 2015 23:58, b...@adversary.org said: > Is it possible that a keyserver running the old, buggy PKS code > (v. 0.9.something) mangled these keys? Yes, but that won't explain why the key binding signature is valid. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen reg

Lower Bound for Primes during GnuPG key generation (was Re: [Enigmail] Popescu and keys)

2015-05-21 Thread vedaal
On 5/21/2015 at 3:45 PM, "Werner Koch" wrote: >Some guy >downloaded most RSA keys from a keyserver and tried to factor 1.9 >million moduli. They found 30 keys with a subkey having one of the >first 1000 primes as a factor. > I looked at 8 of those keys and > found that 2 are likely PGP create

Re: [Enigmail] Popescu and keys

2015-05-21 Thread Ben McGinnes
On 22/05/2015 5:37 am, Werner Koch wrote: > > These are all encryption subkeys. The third key is the one from > H. Peter Anvin. I have not found one of the fingerprints given in the > said blog posting: gpg removed it while importing the key. It is a bit > disturbing that the other subkey liste

Re: [Enigmail] Popescu and keys

2015-05-21 Thread Daniel Kahn Gillmor
On Thu 2015-05-21 12:23:20 -0400, Daniel Kahn Gillmor wrote: > Which key does he claim to have broken? If Mircea has broken your > encryption-capable subkey (0xB8A6B74C001892C2) then he might only be > able to decrypt messages sent to you, but not sign them. > > To provide him with an opportunity

Re: [Enigmail] Popescu and keys

2015-05-21 Thread Werner Koch
On Thu, 21 May 2015 18:23, d...@fifthhorseman.net said: > At least one of the keys he claimed to have broken is a degraded copy of > one of H. Peter Anvin's actual subkeys, as Hanno Böck pointed out here: That reminds me of a private discussion I had last autumn. Some guy downloaded most RSA key

Re: [Enigmail] Popescu and keys

2015-05-21 Thread Robert J. Hansen
> Which key does he claim to have broken? If Mircea has broken your > encryption-capable subkey (0xB8A6B74C001892C2) then he might only be > able to decrypt messages sent to you, but not sign them. He didn't say. You're correct in that I made an unfounded assumption; thank you for the correcti

Re: [Enigmail] Popescu and keys

2015-05-21 Thread Daniel Kahn Gillmor
On Wed 2015-05-20 20:13:32 -0400, Robert J. Hansen wrote: > In the last couple of days a few different people have pointed me to > Mircea Popescu's blog, where he's claimed he's broken ~150 keys that are > in common circulation among the keyservers. At least one of the keys he claimed to have brok