Rejo Zenger rejo at
Fri Sep 26 08:58:46 CEST 2014

++ 25/09/14 22:29 -0400 - Peter S. May:
>completely map it out. But let's say some person other than me signs an
>assertion saying "My name is Eve, public key signature is ABCDEFGH, and
>@psmay is my Twitter account". Let's say, for the sake of argument, that
>I don't treat my Twitter password with the same respect with which I
>treat my passphrase, and the attacker tweets the assertion. Then, let's
>say someone else tries to look up a public key for @psmay and finds that
>assertion. Private messages intended for me are now going to my
>doppelganger. I think this serves to suggest that the assertion itself

This will not work if the one who is being forged is keeping track of 
the tweets that are being sent from his or her account. In my case, I 
would most definately noticing a tweet on my account which wasn't of 

But then again, I have a fairly strong password on my Twitter-account as 
well. :)

Rejo Zenger
E rejo at | P +31(0)639642738 | W  
T @rejozenger | J rejo at
OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 931 bytes
Desc: not available
URL: </pipermail/attachments/20140926/d87fc628/attachment.sig>

More information about the Gnupg-users mailing list