
Adobe Security team posted their private key - 0x0
https://twitter.com/jupenur/status/911286403434246144
======
r3bl
Even though I was against "GPG is too complicated" thing, in the last 20 min I
corrected a couple of people, so just to be clear:

* This key was issued four days ago.

* No, anybody with that key can't read their messages. You still need a password for the key.

* The password for the key could be cracked (depends solely on how complicated the password is) with a copy of the key, but the key is already revoked.

* You would still need a copy of the email to read it. If you're trying to impersonate them, you still have to impersonate the email from that email address as well.

It is bad. It is a rookie mistake. It is not a catastrophic mistake though and
there will probably be no consequences of it.

------
TwoNineA
Today I learned: Adobe has a security team.

------
tonyztan
Looks like they've removed the compromised key and posted a new public key:
[https://blogs.adobe.com/psirt/?page_id=1498](https://blogs.adobe.com/psirt/?page_id=1498)

------
taithethai
It's since been revoked.

[https://pgp.mit.edu/pks/lookup?op=vindex&search=0x86C00FC2AF...](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x86C00FC2AF877616)

~~~
tonyztan
What we don't know is whether Adobe or someone else revoked it, since anyone
with private key can revoke.

~~~
TeMPOraL
Doesn't matter as long as it's revoked, right?

------
excalibur
That's a paddlin'.

