howto secure older keys after the recent attacks

Robert J. Hansen rjh at sixdemonbag.org
Fri Sep 11 01:18:42 CEST 2009


Philippe Cerfon wrote:
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?

No.

Sharing media is a great way to spread malware.  Don't do that to your
friends.  Use the keyserver network.

SHA-1 is in trouble, but it's not dead yet, and regular users should not
be worried about it.



More information about the Gnupg-users mailing list