[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] PGP and Signed Messages,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
Another way is to use Keybase (https://keybase.io). It will bind many
different social media (twitter, reddit, github) to the key. This
means that the attacker needs to compromise all of your accounts of
those media to forge the key.
On 02/19/2016 07:45 PM, Josef 'veloc1ty' Stautner wrote:
> Hi,
>
> this is a basic problem of PKI - is the key the correct one to
> use. There is nothing to stop you from copying for example my key
> information. That's why you need to check the received key over
> another channel. For example I put my fingerprint on my website and
> it's also on my business card.
>
> A second way is looking at the signatures from other users thus
> it's not the best method for validating an identity.
>
> ~Josef
>
> Am 19.02.2016 um 13:34 schrieb Nathaniel Suchy:
>> I've noticed a lot of users of Tor use PGP. With it you can
>> encrypt or sign a message. However how do we know a key is real?
>> What would stop me from creating a new key pair and uploading it
>> to the key servers? And from there spoofing identity?
>
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWxxFfAAoJEGyq803SvUvTCYMP/0KGON0QoE4ZilVqTxHZV4kB
Gg0mjg3nNr42mz/GVlF6eh2vktbrTX7rge9/YRvSIc2/HdLdyNRf6wf8bfYQo0/W
o+IndxquAFMne++kykMmluCk1KVRXoW5IVsAVBw0MXBI6YP4HaCEwQAC2vhx5Dmn
h4zIzYQkOsbBDitVLVKNFxsCWqAnlHdZUZ81U/tdCGsAuAohS5fCIKzmkxKdPPag
F3c4MGv1nKI+IO2LFAN2tIqAG630BEkgwu+y8eUbmIzE42QnRqu2a9k7lowRXnOh
vzL5jKbMyp00TULTIt4PR9+y61i4G0nOUvmZUBJ5ur2jhEMEBhAWywJHGYfL4+/H
2eiGR1hVGR15Z/j0Tpy015VUbo0wnNWbVBDEvfE0IfrZAmX6cfsNRKMpHrCBoQts
aS/JNG4xDVhzkrcrkzZH7UQkHcTZWSAgTbPNDsQXUYeIZyRAm7wJiKwuB26avZPF
EbqweRQFSCzKC7+BogxNFdr6R+h2o21yYTT/O5AeDt1/QSU5UBQVpaBmb8N+CoqP
wseiR0AvZ4Mu9+6uEyaYFQh32yDUPaIi2u6YnJq9L5UjSGIx3gJNNzrmnX0GOmPA
yVcxdjxi20etYqfbm/tvGYpHA6e30r9PqQ4hBpfg515zBVPDgrk9dg+QJHJ5K7n4
HOVs4cLk0GGpzf2CHjtM
=vwo9
-----END PGP SIGNATURE-----
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk