[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP implements Key Recovery today!
Bill Stewart <[email protected]> writes:
> PGP has provided a key recovery option for several years. You can
> either use the EncryptToSelf option, or use multiple recipients,
For a press worthy hack, it would be fun to extract an NSA RSA public
key from some GAKked software, and format it as a PGP key.
Then people can use key escrow if they wish (second recipient NSA).
And they can feed the NSA misinformation, stegoed data, double
encrypted PGP messages, anti GAK flames, and they might even feel
obliged to decrypt, and read it all :-)
I read some time ago about Lotus Notes which uses RSA and has GAK, was
this press release fodder, or does the product currently exist in it's
GAKked form? Are the other GAKked products?
Is there anyone with a GAKked product, and the patience to reverse
engineer for the GAK key?
I guess if you do get an RSA key for the NSA, then you can choose an
email for them to put on the PGP keyid:
NSA <[email protected]>
(a real working email address would be better, if that one isn't
good), and get it signed by a timestamping service (persuade the owner
to sign in the form of a key certification).
Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)