oil25 on Hacker News

Ask HN: Is the Tor Browser Developers GPG Key Attacked or Compromised?

When trying to download the Tor Browser Developers key to verify the download (as per https://support.torproject.org/tbb/how-to-verify-signature/), two working public key servers I know of return a 24.8 Megabyte file with over 26 million characters:

> https://keys.gnupg.net/pks/lookup?op=get&search=0x4E2C6E8793298290

> https://pool.sks-keyservers.net/pks/lookup?search=0x4E2C6E8793298290&fingerprint=on&op=index

Surely this can't be right. In fact, I'm worried about even trying to import them into GPG. Has someone vandalized or otherwise broken the signing keys?

4oil256y ago1

oil25

Recent submissions

The Delicate Ethics of Using Facial Recognition in Schools (opens in new tab)

Ask HN: Is the Tor Browser Developers GPG Key Attacked or Compromised?

Recent submissions

The Delicate Ethics of Using Facial Recognition in Schools (opens in new tab)

Ask HN: Is the Tor Browser Developers GPG Key Attacked or Compromised?