[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scientology tries to break PGP - and



The following message is being returned to its sender because the addressee
does not exist at destination <virgies.com>.

<---- Header information -------------------------------------------->
Received: from relay3.UU.NET (relay3.UU.NET [192.48.96.8]) by
 altmail.holonet.net with ESMTP
       id BAA17972; Sat, 9 Sep 1995 01:50:44 -0700
Received: from toad.com by relay3.UU.NET with SMTP 
       id QQzgkp04297; Sat, 9 Sep 1995 04:49:08 -0400
Received: by toad.com id AA21380; Sat, 9 Sep 95 01:46:19 PDT
Received: from blob.best.net by toad.com id AA21371; Sat, 9 Sep 95 01:46:13
 PDT
Received: from miron.vip.best.com ([email protected]
 [204.156.129.176]) by blob.best.net (8.6.12/8.6.5) with ESMTP id BAA14766;
 Sat, 9 Sep 1995 01:46:04 -0700
Received: (from daemon@localhost) by miron.vip.best.com (8.6.12/8.6.12) id
 BAA01249; Sat, 9 Sep 1995 01:41:32 -0700
Date: Sat, 9 Sep 1995 01:41:32 -0700
Message-Id: <[email protected]>
To: [email protected], [email protected]
Remailed-By: [email protected]
Comments: This message was anonymously remailed. Do not reply
        to the address in the from header, unless you wish to report
        a problem. Thank you.
From: [email protected]
References: <9509081654.AA03407@ch1d157nwk>
Subject: Re: Scientology tries to break PGP - and fails?
Sender: [email protected]
Precedence: bulk

>
>Tom Rollins writes:
>>  If this is the file that the Co$ is trying to crack, then what the
>>  is being asked for is a pass phrase that can be handed to the Co$
>>  that will pass the PGP valid key check and still not decrypt the
>>  data to anything usefull.
>
>Well, I don't have the PGP 'conventional' encryption format memorized, but
>there is probably a constant after the IV that is prepended to the data.  The
>constant is used to determine if the key is correct.  Since the conventional
>encryption runs in CFB mode and there is a full block of random IV at the
>beginning of the file, it is extremely unlikely that a key could be found
>that would properly decrypt only the first two blocks while leaving the rest
>unreadable...
>
>>  If Larry Wollersheim does have the valid key.  It would be a simpler
>>  process to know what fake key to use and work it backwards through
>>  the MD5 to arrive at an ascii string to produce the fake key.
>
>Not really.  Even if you could find an IDEA key that would produce the
>desired output it would be hard to find a passphrase that would produce that
>key when hashed.  One of the properties of one-way hash functions is that it
>is difficult to find a plaintext that produces a given hash.  Hence the term
>'one-way'....  Even if you did find a passphrase (which, if MD5 is strong,
>would require something like 2^64 operations), it would likely be long, have
>8-bit chars, and would be impossible to type in.  It would be tough to
>convince anyone that it was the real passphrase.
>
>
>andrew
>


There was a hack to pgp ui published a while back that would allow
someone decrypting a RSA encrypted file to print out the idea key.

Another feature of the hack allowed someone with the idea key to decrypt
an RSA PGP encrypted file ignoring the RSA headers and using the IDEA
key directly.

Using this software should allow the reciever of an RSA PGP encrypted
file to allow someone else to decrypt it (by giving them the IDEA key)
without exposing the secret key. The IV block check will  allow them to
check that they are using the correct idea key.