Zeronet: 32-bit OpenPGP fingerprint in README.md is insecure

Created on 19 Jan 2020  路  1Comment  路  Source: HelloZeroNet/ZeroNet

Step 1: Please describe your environment

  • ZeroNet version: 224093b3dd9b7ee4f332811cddccbaf123090fa3
  • Operating system: Whonix
  • Web browser: Tor Browser
  • Tor status: N/A
  • Opened port: N/A
  • Special configuration: N/A

Step 2: Describe the problem:

Steps to reproduce:

  1. Open the README.md.
  2. Look for the OpenPGP fingerprint.

Observed Results:

Email: [email protected] (PGP: CB9613AE)

This is a 32-bit fingerprint, which is insecure.

Expected Results:

The full 160-bit fingerprint should be provided.

According to https://github.com/HelloZeroNet/ZeroNet/issues/759#issuecomment-274913998 , the 160-bit fingerprint is 960F FF2D 6C14 5AA6 13E8 491B 5B63 BAE6 CB96 13AE, but @HelloZeroNet should probably confirm that himself.

picture JeremyRand

Most helpful comment

Thanks for the suggestion, fixed: https://github.com/HelloZeroNet/ZeroNet/commit/914576b9db6a12aeeb6a2e0f4236fefed2b7526e

picture HelloZeroNet on 19 Jan 2020
👍3

>All comments

Thanks for the suggestion, fixed: https://github.com/HelloZeroNet/ZeroNet/commit/914576b9db6a12aeeb6a2e0f4236fefed2b7526e

HelloZeroNet picture HelloZeroNet on 19 Jan 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

DaniellMesquita picture DaniellMesquita  路  3Comments
iShift picture iShift  路  3Comments
sergei-bondarenko picture sergei-bondarenko  路  3Comments
imachug picture imachug  路  3Comments
jerry-wolf picture jerry-wolf  路  4Comments