On 03/07/2019 05.32, Andrei Borzenkov wrote:
02.07.2019 14:53, Carlos E. R. пишет:
Hi
What they do is sign a PGP key many thousand of times, increasing its size to megabytes. Tools like enigmail can not cope and crash. The key servers were designed to never delete anything, but obviously this attack (on just a few keys so far) overloads the system. If it spreads, it could potentially affect packaging and distribution of upgrades.
More info: <https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f>
If you feel this is offtopic, just follow up on <opensuse-offtopic@opensuse.org>
I wonder if this is why I cannot start tor browser via launcher which hangs at processing PGP keys. Keyring used by launcher internally suddenly grow
$ LC_ALL=C ll .local/share/torbrowser/gnupg_homedir/pub* -rw------- 1 bor bor 16753163 Jul 1 20:37 .local/share/torbrowser/gnupg_homedir/pubring.gpg -rw------- 1 bor bor 153667 Jun 28 19:51 .local/share/torbrowser/gnupg_homedir/pubring.gpg~
gpg requesting key from keyserver loops like mad.
Could be. Mine starts fast, but it is an old version. The Spanish article I read said the attack was on two keys: Robert J. Hansen and Daniel Kahn Gillmor. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)