Everyone in the 2600 group on Facebook got a message from Adrian last week:
Please take a moment to delete your ~/.purple/otr.private_key & re-key
as soon as possible. Verify fingerprints in an out-of-band fashion,
such as telephone.
If practical, change PGP keys, and consider re-keying on a set schedule.
Set the re-key time on your SSH sessions to 30 minutes or less. *wild guess*
There is no specific reason for this. I'm just suggesting this as a
friendly piece of advice. Please act as soon as you have the time.
Post on the wall if you have any questions about how to do the above,
or whether it applies to you. If you don't currently use OTR and PGP,
look into them, especially OTR.
If anyone here with some actual expertise in cryptography has advice,
I'm welcoming it.
*** Disable logging for OTR conversations. ***
Have a nice day.
It was strange (concerning?) enough to get that at all; now it has me wondering what else we're in for in the next few weeks.