howto secure older keys after the recent attacks
Robert J. Hansen
rjh at sixdemonbag.org
Fri Sep 11 01:18:42 CEST 2009
Philippe Cerfon wrote:
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?
No.
Sharing media is a great way to spread malware. Don't do that to your
friends. Use the keyserver network.
SHA-1 is in trouble, but it's not dead yet, and regular users should not
be worried about it.
More information about the Gnupg-users
mailing list