BAD signatures for GnuPG Stable

Robert J. Hansen rjh at sixdemonbag.org
Thu Jan 28 06:56:31 CET 2016


> Could this be some kind of man-in-the-middle attack? I don't recall
> having seen a signature fail like this before.

MitM is theoretically possible, but unlikely: an attacker would have to
be both technically sophisticated and profoundly stupid.  It's far more
likely there's an innocuous explanation.

The MD5 and SHA256 digests of it are:

ab0b5aba6d0a185b41d07bda804fd8b2
b7dbdb3cad63a740e9f0c632a1da32d4afdb694ec86c8625c98ea0691713b84d

I just downloaded it and was able to verify Werner's signature.




More information about the Gnupg-users mailing list