suspicious key found

Felix Winterhalter felix at
Tue May 16 17:26:20 CEST 2017

There was a proof of concept attack on the fingerprints a couple of 
years ago. The keys were revoked afterwards.

TL;DR short key fingerprints are not secure at all. Also the web of 
trust is your friend here.



On 16/05/17 15:47, Janne Inkilä wrote:
> I made a key search with my name and found something suspicious.
> The search:
> I have used my old key since 2007. Fingerprint F4DB 40F8 BF22 8B9D
> 9B8F  F679 A482 4C9A 033E 22A2. I know this is quite an old key and maybe
> I should revoke it.
> I also found another key with fingerprint 87C4 F4C8 16D1 3CC3 03E0
> 7977 1A9C 6259 033E 22A2. The key ID is the same 033E 22A2 on both
> keys. There are also signatures in this key. Looks like the same persons and
> the same key IDs but the fingerprints don't match. For some reason this key
> has been revoked.
> Did someone really generate a same-looking key? And why? Any ideas?
> Is someone trying to capture my emails? I would like to see some sort of
> theory of what is going on, thanks :)
> Janne Inkilä

More information about the Gnupg-users mailing list
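
An added example, not part of the thread: a check that groups the primary keys in `gpg --list-keys --with-colons` output by their 32-bit short key ID and reports every ID shared by more than one fingerprint, which is the situation described in the question. The colon-format sample is constructed; only the first two fingerprints are taken from the thread, and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample shaped like `gpg --list-keys --with-colons` output, trimmed
# to the fields used below. Only the first two fingerprints come from the thread;
# the third key and its subkey are made-up filler that must not be reported.
SAMPLE = """\
pub:-:::A4824C9A033E22A2:::::::
fpr:::::::::F4DB40F8BF228B9D9B8FF679A4824C9A033E22A2:
pub:r:::1A9C6259033E22A2:::::::
fpr:::::::::87C4F4C816D13CC303E079771A9C6259033E22A2:
pub:-:::89ABCDEF01234567:::::::
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:::BBBBBBBBCCCCCCCC:::::::
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBCCCCCCCC:
"""

def primary_keys(colon_output):
    """Yield (fingerprint, validity) for each primary key; subkeys are skipped."""
    validity, expect_fpr = None, False
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":                  # field 2 is validity ("r" = revoked)
            validity, expect_fpr = f[1], True
        elif f[0] == "sub":                # the next fpr record is a subkey's
            expect_fpr = False
        elif f[0] == "fpr" and expect_fpr and len(f) > 9:
            yield f[9].upper(), validity   # field 10 carries the fingerprint
            expect_fpr = False

def short_id_collisions(colon_output):
    """Map short key ID -> [(fingerprint, validity)] where fingerprints differ."""
    groups = defaultdict(list)
    for fpr, validity in primary_keys(colon_output):
        groups[fpr[-8:]].append((fpr, validity))   # short ID = last 32 bits
    return {sid: keys for sid, keys in groups.items()
            if len({fpr for fpr, _ in keys}) > 1}

def same_key(fpr_a, fpr_b):
    """Compare full fingerprints, ignoring spacing and case."""
    return "".join(fpr_a.split()).upper() == "".join(fpr_b.split()).upper()

if __name__ == "__main__":
    for sid, keys in short_id_collisions(SAMPLE).items():
        print(f"short key ID {sid} is shared by {len(keys)} different keys:")
        for fpr, validity in keys:
            print(f"  {fpr}  long ID {fpr[-16:]}  validity {validity}")
```

Comparing the full fingerprint, as `same_key` does, is the check that tells the two keys apart; the 64-bit long IDs printed here also differ for this pair.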