Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Monday August 15 2016, @01:45PM   Printer-friendly
from the keys-to-the-kingdom dept.

Enrico Zini wrote:

There are currently at least 3 ways to refer to a GPG key: short key ID (last 8 hex digits of fingerprint), long key ID (last 16 hex digits) and full fingerprint. The short key ID used to be popular, and since 5 years it is known that it is computationally easy to generate a GnuPG key with an arbitrary short key id.

LWN.net wrote in June 3, 2016:

Gunnar Wolf urges developers to stop using "short" PGP key IDs as soon as possible. The impetus for the advice originates with Debian's Enrico Zini, who recently found two keys sharing the same short ID in the wild.

After contacted the owner, it turned out that one of the keys is a fake. In addition, labelled same names, emails, and even signatures created by more fake keys. Weeks later, more developers found their fake "mirror" keys on the keyserver, including the PGP Global Directory Verification Key. Gunnar Wolf wrote:

We don't know who is behind this, or what his purpose is. We just know this looks very evil. [...] In short, that cutting a fingerprint in order to get a (32- or 64-bit) short key ID is the worst of all worlds, and we should rather target either always showing full fingerprints, or not showing it at all (and leaving all the crypto-checking bits to be done by the software, as comparing 160-bit strings is not natural for us humans).

Now, a fake key (fake: 0x6211aa3b00411886, real: 0x79be3e4300411886) of Linus Torvalds was found in the wild, scroll the page and you'll see two. It looked like that every single key from the Linux kernel community have been forged successfully, another example is Greg Kroah-Hartman (fake:0x27365dea6092693e, real: 0x38dbbdc86092693e). LWN reader "rmayr" commented:

so it seems somebody is actually constructing a database of fake keypairs with "well-known" short IDs. Something is going on here...


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by kurenai.tsubasa on Monday August 15 2016, @05:24PM

    by kurenai.tsubasa (5227) on Monday August 15 2016, @05:24PM (#388280) Journal

    Ok, I will also try not to read something into what you wrote that is not there.

    But this quote above from your post tells me you really *are* a moron, someone who really thinks that women /are/ incapable of doing things and need men's aide at all times.

    I see that the correct thing to do when I was accused of sexism to my face because I was not assigned the same gender at birth as Ada Lovelace was to accept that “sexist” is something that was assigned at birth instead of mentoring and supporting cisfemales who wanted to learn programming—even sticking my neck out and reporting sexual harassment when it happened.

    I see that after all that effort, the conclusion is still the same as the accusation that motivated me to try to do something about the problem.

    Would you care to offer your theory about why there are no cisfemale in tech? Transfemales have no problem getting tech jobs, well, besides the other complaints that would apply to anybody such as H1Bs and ageism.

    Essentially, you're holding me accountable for the failure of cisfemales who are interested in tech jobs for purposes other than fabricating evidence that all assigned males in tech are sexual harassers to precipitate out of the aether. I tried to help. I tried to mentor. But those attempts were merely evidence of my sexist, moronic, misogynist attitudes.

    Am I understanding you correctly? Any attempt on the part of an assigned male to help cisfemales with this problem, whether it's fighting sexual harassment, being a mentor, connecting parts of a woman's existing academic experience to concepts in programming, is further evidence of their misogyny?

  • (Score: 0) by Anonymous Coward on Monday August 15 2016, @05:46PM

    by Anonymous Coward on Monday August 15 2016, @05:46PM (#388287)

    I see that the correct thing to do when I was accused of sexism to my face because I was not assigned the same gender at birth as Ada Lovelace was to accept that “sexist” is something that was assigned at birth instead of mentoring and supporting cisfemales who wanted to learn programming—even sticking my neck out and reporting sexual harassment when it happened.

    Incorrect, sexism is what you just displayed! It's got nothing to do with your or anyone else's gender whether or not you are a sexist, nothing to do with your birth, nothing to do with programming. However it has EVERYTHING to do with your (yes, you, you individually, you specifically) behavior.

    I see that after all that effort, the conclusion is still the same as the accusation

    well, your behavior hasn't changed... you're still doing the same thing. Why would the conclusion change if all the rest has remained equal?

    Would you care to offer your theory about why there are no cisfemale in tech?

    First off, you're one of the very few people that I know who actually throw around terms like 'cisfemale' but that's your choice, however know that it detracts from your message.
    Secondly, there are 'cisfemale' in tech. Like I said before: go outside once in a while. You'll find that the world isn't as scary as your on-line friends/acquaintances make it out to be. Get to know some actual people.

    Essentially, you're holding me accountable for the failure of cisfemales who are interested in tech jobs for purposes other than fabricating evidence that all assigned males in tech are sexual harassers to precipitate out of the aether.

    No, I'm trying to point out things that you say, claim or write. I have no idea what you did before, what you're doing now, heck, I don't even know who you are. And that doesn't matter to me.
    That being said, you make quite a claim there regarding the "fabricating evidence"... Are you sure that the evidence was fabricated and isn't just ... existing? Please, elaborate on these claims. Substantiate them and lay them out so that they can be verified. If you do, I may actually be swayed over to your side. Until that time, expect me to be on the opposite side of you.

    Am I understanding you correctly?

    No, no you did not...

    You know... sometimes it really isn't the big, bad, evil world that's holding you down. Sometimes it really is just your own fault! And while no-one like hearing that, in this case, I think it's time you hear it regarding yourself.

    • (Score: 2, Interesting) by kurenai.tsubasa on Monday August 15 2016, @07:50PM

      by kurenai.tsubasa (5227) on Monday August 15 2016, @07:50PM (#388362) Journal

      Incorrect, sexism is what you just displayed!

      Well fuck you then. I'd sure as hell love to not pay attention to everybody's gender. But HOW THE FUCK DOES THAT GET US ENOUGH WOMEN IN TECH?! Somebody's being sexist here, that's for sure.

      In fact, if what I wrote is sexist, then that is fucking proof that the stance I've come to adopt to never, ever mentor a woman again is the correct one. Maybe I'm not choosing the correct word with mentor. Maybe I should be calling what I do “remedial algebra tutor.” DO YOU THINK I FUCKING WASTE MY TIME ON GUYS THAT ARE DUMBFUCKS WHO ARE NEVER GOING TO GET IT? Do you know why I don't? BECAUSE NOBODY'S GOING TO CALL ME A SEXIST FOR SAYING A GUY JUST HAS NO FUCKING TALENT. I can beat guys up all day long and nobody will call me sexist for that. If a guy fails, he fails because of his own lack of merit/virtue/talent/whatever. If a woman fails, it's OMG Sexism!11!!eleven!!

      Fucking damned if you do, damned if you don't. FUCK YOU.

      Secondly, there are 'cisfemale' in tech. Like I said before: go outside once in a while. You'll find that the world isn't as scary as your on-line friends/acquaintances make it out to be. Get to know some actual people.

      Uh, I do? There clearly aren't enough cisfemales in tech to appease the Narrative, however the fuck many that needs to be.

      That being said, you make quite a claim there regarding the "fabricating evidence"... Are you sure that the evidence was fabricated and isn't just ... existing?

      Are you seriously trying to say that there is just some magickal force field that prevents women from making false rape accusations or false sexual harassment accusations? How does this work? Is it similar to the way a woman's body can just “shut down the whole thing” if she's rape-raped?

      Sometimes it really is just your own fault!

      If a woman is working as a technician in a computer store and somebody comes up to the counter asking to “talk to a technician,” am I to understand that the problem the woman is having is really her own fault?

      • (Score: 0) by Anonymous Coward on Monday August 15 2016, @09:06PM

        by Anonymous Coward on Monday August 15 2016, @09:06PM (#388390)

        Don't yell... it's never good form.
        I think you may just suck at 'being a tutor', I mean there's the yelling and there's the bold stuff... It's all so tiring to see someone cornered flail about wildly.
        The OP was not saying that it is "some nebulous person's fault", I think the OP was suggesting that the reason you (kurenai.tsubasa) are encountering experiences where you feel you are being wronged is because it is your (kurenai.tsubasa) fault. I think the OP was suggesting that there is something wrong with you, kurenai.tsubasa.