suspicious key found
Felix Winterhalter
felix at audiofair.de
Tue May 16 17:26:20 CEST 2017
There was a proof of concept attack on the fingerprints a couple of
years ago. The keys were revoked afterwards.

TL;DR short key fingerprints are not secure at all. Also the web of
trust is your friend here.

Cheers,
Felix

On 16/05/17 15:47, Janne Inkilä wrote:
> I made a key search with my name and found something suspicious.
>
> The search:
>
> https://pgp.mit.edu/pks/lookup?search=janne+inkila&op=index&fingerprint=on
>
>
> I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D
> 9B8F F679 A482 4C9A 033E 22A2. I know this is quite an old key and
> maybe I should revoke it.
>
> BUT
>
> I also found another key with fingerprint 87C4 F4C8 16D1 3CC3 03E0
> 7977 1A9C 6259 033E 22A2. The key ID is the same 033E 22A2 on both
> keys. There are also signatures in this key. Looks like the same
> persons and the same key IDs, but the fingerprints don't match. For
> some reason this key has been revoked.
>
> Did someone really generate a same-looking key? And why? Any ideas?
> Is someone trying to capture my emails? I would like to see some sort
> of theory about what is going on, thanks :)
>
> Janne Inkilä
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
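
An added example, not part of either message above: a keyring check for the situation discussed in this thread, where two different keys share the same 8-hex-digit key ID. It groups v4 fingerprints by their trailing 32 and 64 bits. The listing is constructed (the two fingerprints quoted in the thread plus one made-up fingerprint, as bare `fpr` records in the style of `gpg --with-colons --fingerprint` output), and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample: only `fpr` records, with the fingerprint in field 10.
# The first two fingerprints are the ones quoted in the thread; the third
# is made up for contrast.
SAMPLE = """\
fpr:::::::::F4DB40F8BF228B9D9B8FF679A4824C9A033E22A2:
fpr:::::::::87C4F4C816D13CC303E079771A9C6259033E22A2:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
"""

HEX = set("0123456789ABCDEF")


def fingerprints(colon_listing):
    """Yield v4 fingerprints (40 hex digits) found in fpr records."""
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9:
            fpr = fields[9].upper()
            if len(fpr) == 40 and set(fpr) <= HEX:
                yield fpr


def collisions(fprs, hex_digits):
    """Return {key ID: fingerprints} for key IDs shared by more than one key."""
    groups = defaultdict(set)
    for fpr in fprs:
        # A v4 key ID is the tail of the fingerprint: 8 hex digits for the
        # short form, 16 for the long form.
        groups[fpr[-hex_digits:]].add(fpr)
    return {kid: sorted(g) for kid, g in groups.items() if len(g) > 1}


def report(colon_listing):
    """Check both key ID lengths against every fingerprint in the listing."""
    fprs = list(fingerprints(colon_listing))
    return {"short": collisions(fprs, 8), "long": collisions(fprs, 16)}


if __name__ == "__main__":
    for kind, found in report(SAMPLE).items():
        for kid, fprs in found.items():
            print(f"{kind} key ID {kid} is shared by:")
            for fpr in fprs:
                print("   ", fpr)
```

For the two keys in the thread only the short key ID collides; the long key IDs and the full fingerprints differ, so comparing the full fingerprint tells them apart.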