A few days ago there was a tweet posted:
"200+ PGP keys (and counting) publicly broken […]" via @nixcraft [1] http://phuctor.nosuchlabs.com/phuctored
-- egnun
------- [1] https://twitter.com/nixcraft/status/727132066119213057
On Mon, 9 May 2016 15:04, egnun@gmx.de said:
"200+ PGP keys (and counting) publicly broken […]" via @nixcraft [1] http://phuctor.nosuchlabs.com/phuctored
Yeah, that are keys mangled by a broken keyservers. Although they have composite primes the private keys won't have them. We analyzed them last fall already. A well known Linux hacker does now understand why he often receives mails which he can't decrypt: Because those senders use a mangled subkey of him.
See also a recent discussion on the gnupg-users ML.
Salam-Shalom,
Werner
Werner Koch wk@gnupg.org writes:
Yeah, that are keys mangled by a broken keyservers. Although they have composite primes the private keys won't have them. We analyzed them last fall already. […]
See also a recent discussion on the gnupg-users ML.
For readers who come upon this thread later, can you give the URL to that discussion?
On Thu, 12 May 2016 22:08, ben+freesoftware@benfinney.id.au said:
For readers who come upon this thread later, can you give the URL to that discussion?
The current thread:
https://lists.gnupg.org/pipermail/gnupg-users/2016-May/055958.html
A year ago we had a longer discussion:
https://lists.gnupg.org/pipermail/gnupg-users/2015-May/053632.html
which includes may take on this:
https://lists.gnupg.org/pipermail/gnupg-users/2015-May/053644.html
Shalom-Salam,
Werner