[tor-bugs] #6373 [Website]: use long gpg ids instant of short gpg ids
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Jul 11 00:16:56 UTC 2012
#6373: use long gpg ids instant of short gpg ids
-------------------------+--------------------------------------------------
Reporter: proper | Owner: phobos
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
https://www.torproject.org/docs/verifying-signatures.html.en
Gpg short ids are not safe.
http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
Instant of
{{{
gpg.exe --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x63FEE659
}}}
suggest
{{{
gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys
8738A680B84B3031A630F2DB416F061063FEE659
}}}
I suppose people who do this, know copy and paste.
This stops anyone from posting a key to the keyserver with the same short
id 0x63FEE659.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6373>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list