• Re: who would fall for this?

    From Wilfred van Velzen@2:280/464 to August Abolins on Tue Mar 2 14:37:58 2021
    Hi August,

    On 2021-03-02 08:33:00, you wrote to Tommi Koivula:

    "enter your private PGP key"... :)

    I was just moving my own keys from one of a pc to my Blackberry
    when something interesting occurred to me. First of all, my
    opengpg prompted for my existing passphrase *before* it would
    E)xport the key. Secondly, even if someone had the key in their possession, they would need to know the passphrase to use it.

    So, it seems that *just* having the private key block (without
    also knowing the passphrase) is not very useful to anyone.

    Some people save their private key without a password, for easy usage. Sometimes you "need" to save it without a password when you need to use it from automated scripts.

    And when a key has a simple password, it would be possible to brute force finding the password...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Tue Mar 2 09:16:00 2021
    So, it seems that *just* having the private key block
    (without also knowing the passphrase) is not very useful
    to anyone.

    Some people save their private key without a password, for
    easy usage.

    Easy, but very unwise. Otherwise, what's the point? Yeah..
    some people deserve to be compromised, I guess.

    Sometimes you "need" to save it without a
    password when you need to use it from automated scripts.

    Scripting.. never thought of that. But I seem to recall that
    there are ways to pass the passphrase via a variable or
    something which would be better than having no passphrase at
    all.

    And when a key has a simple password, it would be possible
    to brute force finding the password...

    I wish I could remember what I used for:

    pub 512R/246249F7 1994-02-16
    Fingerprint=BC 1B B6 D5 15 AC F1 D4 F2 B4 0F A2 D6 31 7F 53

    I'm pretty sure that's me as "abolins" when you do a key search.

    I know that I have the private key stored on a 3.5" diskette -
    somewhere. I used pgp to email TODO lists to myself from home
    to work and back. I don't think I could brute force the secret
    if I tried. It was a modified latvian phrase. The key is what
    did I do to tweak the phrase?
    --
    ../|ug

    --- OpenXP 5.0.49
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Tue Mar 2 19:13:00 2021
    I wish I could remember what I used for:

    pub 512R/246249F7 1994-02-16
    Fingerprint=BC 1B B6 D5 15 AC F1 D4 F2 B4 0F A2 D6 31 7F 53


    Talk to your local NSA office. Maybe they can help? ;-)

    Ha! Good one.

    I doubt that any of my secret messages from 1994-1995 exist
    anywhere anyway. Also the 512-bit key wouldn't be wise to use
    today.


    --
    ../|ug

    --- OpenXP 5.0.49
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Wed Mar 3 13:52:48 2021
    On 2.3.2021 18.32, Wilfred van Velzen wrote:

    Talk to your local NSA office. Maybe they can help? ;-)

    Also Google may help? :-)

    There was a finnish tv series last year where the finnish police wondered if they could listen to the phone of the bad guy... One policeman had a friend in NSA, and they got the recordings. ;)

    'Tommi

    --- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Daniel Path@2:371/52 to Tommi Koivula on Wed Mar 3 15:02:40 2021
    Hello Tommi.

    03 Mar 21 13:52, you wrote to Wilfred van Velzen:

    On 2.3.2021 18.32, Wilfred van Velzen wrote:

    Talk to your local NSA office. Maybe they can help? ;-)

    Also Google may help? :-)

    There was a finnish tv series last year where the finnish police
    wondered if they could listen to the phone of the bad guy... One
    policeman had a friend in NSA, and they got the recordings. ;)

    Which series is that?

    --
    Daniel

    --- GoldED+/EMX 1.1.4.7
    * Origin: Roon's BBS - Budapest, HUNGARY (2:371/52)