Opened 5 months ago

Closed 5 months ago

#31213 closed defect (duplicate) TBB verification instructions - "poisoned" public key

Reported by: lofenyy Owned by: hiro
Priority: Medium Milestone:
Component: Webpages/Support Version:
Severity: Normal Keywords:
Cc: ggus Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


The instructions on for verifying the TOR Browser Bundle don't really work anymore, due to a "key poisoning" attack on the signing key located on the keyserver. I came across this by downloading the TBB and the signature, and then trying to import the public key (on a new machine that doesn't already have it) so I can verify it, only to find out that I couldn't.

Affected page:
Relevant mailing list post:
Description of attack:

Child Tickets

Change History (1)

comment:1 Changed 5 months ago by ggus

Resolution: duplicate
Status: newclosed

See ticket: #31168

Note: See TracTickets for help on using tickets.