If you’re curious, I’ve been advised that Keybase’s entire verification approach may be fundamentally broken
@adamcaudill I think it may be possible to produce fake keys which still verify against a tweeted signature
-
-
@bascule Partial hash collision, as they are only using part of the SHA256 hash? -
@adamcaudill the security of a digital signature algorithm comes from the key(s). Signatures themselves may collide under different keys
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.