Hundreds of RSA keys factored
Robert J. Hansen
rjh at sixdemonbag.org
Thu May 5 00:09:07 CEST 2016
> There is this scary project listing several hundreds factored pgp/rsa
> keys: http://trilema.com/2016/the-phuctoring/
Not scary. Not all that interesting, either. It's also been discussed
on this list before. This group claims to have access to my secret key.
I posted a 256-bit random sequence and asked them to sign it with my
key. Daniel Kahn Gillmor realized I'd made an oversight: it could be my
encryption key they'd broken. He posted an encrypted message and
suggested they reveal the random string contained therein.
We have not heard back from them.
See, e.g.:
https://lists.gnupg.org/pipermail/gnupg-users/2015-May/053632.html
Until such time as they're able to verify that yes, they can forge
signatures or decrypt traffic, I think we should be suspicious of their
claims.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160504/379c488b/attachment.sig>
More information about the Gnupg-users
mailing list