Security of the gpg private keyring?
Faramir
faramir.cl at gmail.com
Fri Apr 1 02:03:49 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
El 28-02-2011 11:09, David Shaw escribió:
...
> You can do quite a lot with stuff like this. Who signed who can tell you who this person has met, and often where. If you see a bunch of signatures around a particular date, look for a keysigning party on that date - now you have evidence they were there. Email addresses can reveal an enormous amount of information about a person. Robert and I did an experiment a few months ago where starting only from his public key, I was easily able to find out real-world addresses, parents names, siblings, etc.
Of course, you can collect some noise too, after all, people don't
need your authorization to sign your public key.
There was a "funny" case, about key 0xAC88553D getting a signature
from key 0xDE4C0E35
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJNlRZlAAoJEMV4f6PvczxAs1oH/3lB5qpPeA34+m3l220JVm06
U1nt+VUtMDSVMHQaicgDkZ9JbCLK+UZhOVYIOS5RWgapiuxZxbTOIgJ8Ezi2k/R0
AZxJsAidBmErwl2F3H09EXf9ksj4wVQX3jmPHb+ug1dXVfXC8gvK5DHmB//PiLwg
JPlwTW+NIlIGlkUoqGa8OeTeVFQEJwPPU8xsSJLtA4QZN41rvpOsZwQPlKjPSHtL
6p7tvkCdL0/QZuLLXo5xKScJcngRR4iOUd6yxUNVDh6UwsrhhVOTNgJ2CI7FxqTt
drc7m75mlng6L4UkjY+tYYC2zx7u2Otj4toH/Y8iSucPgnENHOrgzgR00QXkHtY=
=7lAL
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list