| Openwall Project | /home Owl JtR Pro crypt pam_passwdqc tcb phpass scanlogd popa3d msulogin / Linux BIND / advisories presentations / services donations / wordlists passwords / news community lists wiki CVSweb mirrors signatures | |
| bringing security into open environments | ||
|
This page (http://www.openwall.com/signatures/) is the place to get the current PGP key used to check signatures on software you can obtain from openwall.com or its mirrors.
Any revocation certificates will also be posted here, should the key be compromised.
Note that a valid signature does not guarantee that this website itself hasn't been compromised, unless you're using a copy of the key that you had for long enough for a possible intrusion to be detected. Also, you should probably not trust a new key you might find here unless there's also a valid revocation certificate for the old one. Keep in mind that, if this website ever gets compromised, an intruder would be able to replace the public key posted here, not just a software package they might want to backdoor. This is the reason for the above measures.