Hundreds of RSA keys factored

Robert J. Hansen rjh at
Thu May 5 00:09:07 CEST 2016

> There is this scary project listing several hundreds factored pgp/rsa
> keys:

Not scary.  Not all that interesting, either.  It's also been discussed
on this list before.  This group claims to have access to my secret key.
 I posted a 256-bit random sequence and asked them to sign it with my
key.  Daniel Kahn Gillmor realized I'd made an oversight: it could be my
encryption key they'd broken.  He posted an encrypted message and
suggested they reveal the random string contained therein.

We have not heard back from them.

See, e.g.:

Until such time as they're able to verify that yes, they can forge
signatures or decrypt traffic, I think we should be suspicious of their

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160504/379c488b/attachment.sig>

More information about the Gnupg-users mailing list