Hi,
I think this could be interesting for a couple of people:
I had a project running in private for quite a while, I now published
the details: I wrote a script that analyzes the dumps from key servers
and puts the crypto values into a mysql database.
This can be used to search for vulnerable k
Great paper! Thanks!
From the paper:
> However when trying to calculate the private keys it turns out most
> of these results aren't real signatures.
I was under the impression that SKS verified signature packets both
during upload and during gossip. If so, how did invalid or corrupt
signature pa
On Sun 2015-03-22 10:33:01 -0500, Daniel Roesler wrote:
> I was under the impression that SKS verified signature packets both
> during upload and during gossip.
SKS does no cryptographic verification. :( Even if it were to start
doing verification, it's not clear how that would work with
certific
