[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Key collisions in the wild

* Samuel Thibault <sthibault@debian.org>, 2016-08-10, 01:17:

Samuel Thibault, on Wed 10 Aug 2016 00:47:43 +0200, wrote:

€ gpg --search-key samuel.thibault@gnu.org
...
(1) Samuel Thibault <samuel.thibault@gnu.org>
4096 bit RSA key 7D069EE6, created: 2014-06-16


And it has 55 signatures from 55 colliding keys...
The forger botched it up, because all its signatures have almost the same creation time. You can tell it's a sham key from quite a long way away. 

--
Jakub Wilk
Reply to: