I feel like everyone is being quick to write this off as "some random, harmless error", probably because the focus is that RSA is not broken, rather than asking what this was really about.
"The only case where this could matter would be a broken implementation of the OpenPGP key protocol that does not check if subkeys really belong to a master key."
I'd be curious to explore that further.
This kernel developer has been targeted in the past:
"During that time, attackers were able to monitor the activities of anyone using the kernel.org servers known as Hera and Odin1, as well as personal computers belonging to senior Linux developer H. Peter Anvin. The self-injecting rootkit known as Phalanx had access to a wealth of sensitive data, possibly including private keys used to sign and decrypt e-mails and remotely log in to servers. A follow-up advisory a few weeks later opened the possibility that still other developers may have fallen prey to the attackers."
Edit: The key in question was created the day before this post by HPA regarding the compromise:
If I wanted to poison HPA with a fake key, why would I create a degenerate one? A fake key with strong factors would have gone unnoticed, at least by this analysis.
At first glance, I thought the keys were the same. I'm undecided if this was deliberate or unintentional. If this was unintentional, perhaps by corruption, how likely would the result generate such an easily factorable key?
Random errors likely generate easily factorable keys. Each prime removes 1/N numbers. So 2 removes 1/2 of possible numbers. 3 remove 1/3 of the remaining possible numbers etc. Just 2, 3, 5, 7, 11, 13 remove 80% of possible random numbers.
"The only case where this could matter would be a broken implementation of the OpenPGP key protocol that does not check if subkeys really belong to a master key."
I'd be curious to explore that further.
This kernel developer has been targeted in the past:
http://arstechnica.com/security/2013/09/who-rooted-kernel-or...
"During that time, attackers were able to monitor the activities of anyone using the kernel.org servers known as Hera and Odin1, as well as personal computers belonging to senior Linux developer H. Peter Anvin. The self-injecting rootkit known as Phalanx had access to a wealth of sensitive data, possibly including private keys used to sign and decrypt e-mails and remotely log in to servers. A follow-up advisory a few weeks later opened the possibility that still other developers may have fallen prey to the attackers."
Edit: The key in question was created the day before this post by HPA regarding the compromise:
https://lwn.net/Articles/460376/