[Cryptography] JYA and Cryptome Keys Compromised
Nicholas Cole
nicholas.cole at gmail.com
Wed Sep 16 04:45:02 EDT 2015
On Tuesday, 15 September 2015, John Young <jya at pipeline.com> wrote:
> Correct analysis. First was get out a prompt notice to wave off users,
> then proceed with other authentications. Toughest problem is how to
> avoid another compromise of new keys since so many ways to do
> that have arisen and/or suspected over the life of PGP and other
> systems. WoT is problematic too, as are key signing parties, and
> so on. Other systems claim to be better, and we are using some of
> them, waiting and watching and suspecting are the lessons learned
> from stalwart testbed PGP in all its guises and disguises.
>
> We likely would not have discovered the compromises if not for
> those lessons.
>
> Nor do we mind starting from scratch, perhaps a bit more often
> than 11 years. Tornados do happen out side alleys of easy
>
>
Are you able to share details of how the compromise was done and detected?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150916/a1fa68cf/attachment.html>
More information about the cryptography
mailing list