Re: Key Signing

[Robert Hettinga <rah@shipwright.com>]

At 5:03 am -0500 on 11/14/97, Anonymous wrote:


>   I was testing the procedure outlined in Epilogue 5 of InfoWar
> on a friend's machine and, sure enough, I got PGP 2.62 to spit
> out the private key he had created as Necessarily Knott, ME.

True confession time. Last March, when I was clearly still figuring PGP
out, while experimenting with a nameless Mac PGP crypto package (hint, it
wasn't built here on this side of the pond) based on 2.6.2, I accidentally
exported my private key and sent it to someone famous so they could sign
it.

Fortunately, that person (hint, he knew PRZ, once, and got in trouble for
it) physically showed up to visit me where I was working at the time, and
stood over me while I genned up a new private key (I went to 2048 then) and
revoked the old one, talking all the time about how many ways he could do a
dictionary for the passphrase... I was feeling pretty stupid until he told
me that PRZ did the same thing, back when they were playing with the
original version of PGP. Actually, I still felt stupid after that.

Believe it... or not.

So, anyone want to bet that this key was done the same way?

Except, how was Bill able to change the passphrase if he didn't know the
old one?

Curiouser and curiouser...

Cheers,
Bob Hettinga


-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>