Hacker News new | past | comments | ask | show | jobs | submit login

This page is absolutely correct that you should not use 32 bit key IDs, ever.

However, some of its information about GnuPG is out of date. As of version 1.4.17 (released in June), GnuPG no longer blindly accepts responses from key servers:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit...

http://bugs.g10code.com/gnupg/issue1579

The fix was backported to wheezy-security as well:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725411




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: