RE: Hack PGP

["Pablo Hauser" <pablohauser () yahoo com ar>]

I think he said NASA computers because of the supercomputing mainframes
they have there...
www.nas.nasa.gov/About/Projects/Columbia/columbia.html

;)
 
__________________________________________________

Pablo D. Hauser

LeXXoN Solutions
www.lexxonsolutions.com.ar
 
 
 



-----Mensaje original-----
De: nvfeito () advancedsl com ar [mailto:nvfeito () advancedsl com ar] 
Enviado el: Martes, 18 de Enero de 2005 18:56
Para: security-basics () securityfocus com
Asunto: Re: Hack PGP


He meant nsa.gov, national security agency, not the nasa computers..., 
besides, just a little cluster with a few home pc's can be used to break
some 
keys, just kidding, the fact is that if I were to avoid trust someone, I

would not trust berkeley center, cause the same thing they're doing with

seti@home they can do with pgp keys, but anyway, paranoia aside, the
thing 
with pgp keys it's that there's a rumour (I've heard this back in
2000/2001) 
that the M.I.T guys did have a reverse algorithm tool, quite difficult
since 
the keys are randomly generated by events on the host computer, but that

rumour spreaded and some people stoped trusting pgp and started thinking
on 
gpg, which is pretty similar but not the same, besides the algorithm 
restrictions that imposes on non American Computers about the amount of
bit 
encryptions, Europe it's quite different about this regulations.


On Tuesday 18 January 2005 08:37 pm, Valentin Höbel wrote:
> for short, as I wrote before, you heave to realise that the data is 
> lost, except you know someone who has access to the nasa conmputer 
> centers, as Conlan Adams told you before ;)
>
> People wouldn't use PGP if the keys were easy to brake.
>
>
>
>
> ---------- Forwarded message ----------
> From: Conlan Adams <conlan () mebtc org>
> Date: Tue, 18 Jan 2005 10:30:37 -0500
> Subject: RE: Hack PGP
> To: security-basics () securityfocus com
>
>
> Here, I heard these guys can help
>
> http://www.nsa.gov/
>
> :-)
>
> -----Original Message-----
> From: Daniel Persson [mailto:mailto.woden () gmail com]
> Sent: Monday, January 17, 2005 4:30 PM
> To: security-basics () securityfocus com
> Subject: Re: Hack PGP
>
> Well I pretty much knew it was impossible but I had to ask. Well my 
> key lenght was 4196 bits so it's quite strong and well when I say wipe

> I mean using a tool that writes zeroes and random data over the disk 
> atleast 3-4 passes. So the key and all chanses of opening the files 
> are pretty much history. I was just curious if there was anyone that 
> had made a try to break it and how far they had come.
>
> Thanks alot for the discussion.
>
> On Mon, 17 Jan 2005 20:33:57 +0100, Andreas Putzo
>
> <andreas () inferno nadir org> wrote:
> > Hello,
> >
> > On Saturday 15 January 2005 07:06, Daniel Persson wrote:
> > > I have a delema that is quite strange but then again feasable. I 
> > > did
>
> a
>
> > > backup on my system and wiped my harddrive and then installed 
> > > everything from scratch. My problem was that the PGP keys where 
> > > locked down on my harddrive
>
> and
>
> > > couldn't be copied by the backup system.
> >
> > Bad. Very bad. Keep at least one copy of your secret key on a save
>
> medium,
>
> > eg.  an usb-stick or a disk in your bank deposit box. Facing your 
> > problem, i would 1st try, to recover the key from your harddisk. By 
> > 'wipe' you mean a simple delete? If so, you _may have a change 
> > without paying a lot of money for a forensic professional. You may 
> > take a look at sleuthkit[1] or 'The Coroners Toolkit' to look
>
> at
>
> > your HD for deleted files.
> > If the name information for your secret_key is gone, you can 
> > possibly identify it on its size. Of course, you have to stop 
> > writing to this harddisk immediately! Take
>
> an
>
> > image with 'dd' to another harddisk and work with this image further
>
> on.
>
> > Good luck!
> >
> > Andreas
> >
> > [1] http://www.sleuthkit.org
>
> --
> Daniel Persson
> mailto.woden () gmail com

-- 

Saludos.
Nazareno Vicente Feito