> There is this scary project listing several hundreds factored pgp/rsa > keys: http://trilema.com/2016/the-phuctoring/
Not scary. Not all that interesting, either. It's also been discussed on this list before. This group claims to have access to my secret key. I posted a 256-bit random sequence and asked them to sign it with my key. Daniel Kahn Gillmor realized I'd made an oversight: it could be my encryption key they'd broken. He posted an encrypted message and suggested they reveal the random string contained therein. We have not heard back from them. See, e.g.: https://lists.gnupg.org/pipermail/gnupg-users/2015-May/053632.html Until such time as they're able to verify that yes, they can forge signatures or decrypt traffic, I think we should be suspicious of their claims.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
