Re: Hack PGP

[Nazareno Vicente Feito <nvfeito () advancedsl com ar>]

He meant nsa.gov, national security agency, not the nasa computers..., 
besides, just a little cluster with a few home pc's can be used to break some 
keys, just kidding, the fact is that if I were to avoid trust someone, I 
would not trust berkeley center, cause the same thing they're doing with 
seti@home they can do with pgp keys, but anyway, paranoia aside, the thing 
with pgp keys it's that there's a rumour (I've heard this back in 2000/2001) 
that the M.I.T guys did have a reverse algorithm tool, quite difficult since 
the keys are randomly generated by events on the host computer, but that 
rumour spreaded and some people stoped trusting pgp and started thinking on 
gpg, which is pretty similar but not the same, besides the algorithm 
restrictions that imposes on non American Computers about the amount of bit 
encryptions, Europe it's quite different about this regulations.


On Tuesday 18 January 2005 08:37 pm, Valentin Höbel wrote:
> for short, as I wrote before, you heave to realise that the data is
> lost, except you know someone who has access to the nasa conmputer
> centers, as Conlan Adams told you before ;)
>
> People wouldn't use PGP if the keys were easy to brake.
>
>
>
>
> ---------- Forwarded message ----------
> From: Conlan Adams <conlan () mebtc org>
> Date: Tue, 18 Jan 2005 10:30:37 -0500
> Subject: RE: Hack PGP
> To: security-basics () securityfocus com
>
>
> Here, I heard these guys can help
>
> http://www.nsa.gov/
>
> :-)
>
> -----Original Message-----
> From: Daniel Persson [mailto:mailto.woden () gmail com]
> Sent: Monday, January 17, 2005 4:30 PM
> To: security-basics () securityfocus com
> Subject: Re: Hack PGP
>
> Well I pretty much knew it was impossible but I had to ask. Well my
> key lenght was 4196 bits so it's quite strong and well when I say wipe
> I mean using a tool that writes zeroes and random data over the disk
> atleast 3-4 passes. So the key and all chanses of opening the files
> are pretty much history. I was just curious if there was anyone that
> had made a try to break it and how far they had come.
>
> Thanks alot for the discussion.
>
> On Mon, 17 Jan 2005 20:33:57 +0100, Andreas Putzo
>
> <andreas () inferno nadir org> wrote:
> > Hello,
> >
> > On Saturday 15 January 2005 07:06, Daniel Persson wrote:
> > > I have a delema that is quite strange but then again feasable. I did
>
> a
>
> > > backup on my system and wiped my harddrive and then installed
> > > everything from scratch.
> > > My problem was that the PGP keys where locked down on my harddrive
>
> and
>
> > > couldn't be copied by the backup system.
> >
> > Bad. Very bad. Keep at least one copy of your secret key on a save
>
> medium,
>
> > eg.  an usb-stick or a disk in your bank deposit box.
> > Facing your problem, i would 1st try, to recover the key from your
> > harddisk. By 'wipe' you mean a simple delete? If so, you _may have a
> > change without paying a lot of money for a forensic professional.
> > You may take a look at sleuthkit[1] or 'The Coroners Toolkit' to look
>
> at
>
> > your HD for deleted files.
> > If the name information for your secret_key is gone, you can possibly
> > identify it on its size.
> > Of course, you have to stop writing to this harddisk immediately! Take
>
> an
>
> > image with 'dd' to another harddisk and work with this image further
>
> on.
>
> > Good luck!
> >
> > Andreas
> >
> > [1] http://www.sleuthkit.org
>
> --
> Daniel Persson
> mailto.woden () gmail com

-- 

Saludos.
Nazareno Vicente Feito