info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Nosey Government
8 views
Skip to first unread message
Maximus
Jun 9, 2013, 7:28:20 PM6/9/13
to
Can the government crack PGP or GPG?
Maximus Decimus Meridius
Thor Kottelin
Jun 10, 2013, 2:46:03 AM6/10/13
to
"Maximus" <glad...@thearena.com> wrote in message
news:dq3ar89b78fg90c91...@4ax.com...
dictionary or similar attack? It depends. The longer the key, the better
the passphrase and the shorter (temporally) the need for privacy, the
safer the user would be.
Things an oppressive government certainly could do include:
- breaking into the systems of the sender or the recipient, e.g. to
install a key logger or simply read the plain text messages
- replacing the software with a modified copy providing a back door
- waterboarding the user until he or she provides the keys and
passphrases.
--
Thor Kottelin
http://www.anta.net/
news:dq3ar89b78fg90c91...@4ax.com...
>
> Can the government crack PGP or GPG?
Can they crack the actual encryption, such as through a brute force,
> Can the government crack PGP or GPG?
dictionary or similar attack? It depends. The longer the key, the better
the passphrase and the shorter (temporally) the need for privacy, the
safer the user would be.
Things an oppressive government certainly could do include:
- breaking into the systems of the sender or the recipient, e.g. to
install a key logger or simply read the plain text messages
- replacing the software with a modified copy providing a back door
- waterboarding the user until he or she provides the keys and
passphrases.
--
Thor Kottelin
http://www.anta.net/
Maximus
Jun 10, 2013, 10:29:52 AM6/10/13
to
On Mon, 10 Jun 2013 09:46:03 +0300, "Thor Kottelin" <th...@anta.net>
wrote:
That's pretty good news. I have read that the government has already
cracked pgp. I have also read that it has not and it would take
supercomputers years to break it. I am using GPG with the enigmail
addon in Thunderbird on win764bit. I am trying to find out how to
move the entire keyring over to a thumb drive but the handbook only
has instructions for WinXP.
How would you know if you had a modified version with a backdoor in
it?
Thanks for the reply.
Maximus Decimus Meridius
wrote:
cracked pgp. I have also read that it has not and it would take
supercomputers years to break it. I am using GPG with the enigmail
addon in Thunderbird on win764bit. I am trying to find out how to
move the entire keyring over to a thumb drive but the handbook only
has instructions for WinXP.
How would you know if you had a modified version with a backdoor in
it?
Thanks for the reply.
Maximus Decimus Meridius
Thor Kottelin
Jun 10, 2013, 10:42:40 AM6/10/13
to
"Maximus" <glad...@thearena.com> wrote in message
news:pcobr8ds5ccpp8rjh...@4ax.com...
> How would you know if you had a modified version with a backdoor in
> it?
http://www.gnupg.org/download/integrity_check.en.html.
Peter Schoo
Jun 11, 2013, 4:52:29 PM6/11/13
to
Am 10.06.13 16:29, schrieb Maximus:
many thanks
Peter
> On Mon, 10 Jun 2013 09:46:03 +0300, "Thor Kottelin" <th...@anta.net>
> wrote:
>
>> "Maximus" <glad...@thearena.com> wrote in message
>> news:dq3ar89b78fg90c91...@4ax.com...
>>>
>>> Can the government crack PGP or GPG?
>>
>> Can they crack the actual encryption, such as through a brute force,
>> dictionary or similar attack? It depends. The longer the key, the better
>> the passphrase and the shorter (temporally) the need for privacy, the
>> safer the user would be.
>>
>> Things an oppressive government certainly could do include:
>>
>> - breaking into the systems of the sender or the recipient, e.g. to
>> install a key logger or simply read the plain text messages
>>
>> - replacing the software with a modified copy providing a back door
>>
>> - waterboarding the user until he or she provides the keys and
>> passphrases.
>
> That's pretty good news. I have read that the government has already
> cracked pgp.
would you be so kind and share the source with us?
> wrote:
>
>> "Maximus" <glad...@thearena.com> wrote in message
>> news:dq3ar89b78fg90c91...@4ax.com...
>>>
>>> Can the government crack PGP or GPG?
>>
>> Can they crack the actual encryption, such as through a brute force,
>> dictionary or similar attack? It depends. The longer the key, the better
>> the passphrase and the shorter (temporally) the need for privacy, the
>> safer the user would be.
>>
>> Things an oppressive government certainly could do include:
>>
>> - breaking into the systems of the sender or the recipient, e.g. to
>> install a key logger or simply read the plain text messages
>>
>> - replacing the software with a modified copy providing a back door
>>
>> - waterboarding the user until he or she provides the keys and
>> passphrases.
>
> That's pretty good news. I have read that the government has already
> cracked pgp.
many thanks
Peter
Maximus
Jun 11, 2013, 8:48:47 PM6/11/13
to
On Tue, 11 Jun 2013 22:52:29 +0200, Peter Schoo <p.s...@gmx.net>
wrote:
>Am 10.06.13 16:29, schrieb Maximus:
>> On Mon, 10 Jun 2013 09:46:03 +0300, "Thor Kottelin" <th...@anta.net>
>> wrote:
>>
>>> "Maximus" <glad...@thearena.com> wrote in message
>>> news:dq3ar89b78fg90c91...@4ax.com...
>>>>
>>>> Can the government crack PGP or GPG?
>>>
>>> Can they crack the actual encryption, such as through a brute force,
>>> dictionary or similar attack? It depends. The longer the key, the better
>>> the passphrase and the shorter (temporally) the need for privacy, the
>>> safer the user would be.
>>>
>>> Things an oppressive government certainly could do include:
>>>
>>> - breaking into the systems of the sender or the recipient, e.g. to
>>> install a key logger or simply read the plain text messages
>>>
>>> - replacing the software with a modified copy providing a back door
>>>
>>> - waterboarding the user until he or she provides the keys and
>>> passphrases.
>>
>> That's pretty good news. I have read that the government has already
>> cracked pgp.
>
>would you be so kind and share the source with us?
>
>many thanks
> Peter
I would if I could remember where I read it. It was on the net
somewhere when I was poking around looking for some info. Probably
nothing but ta...@bs.net
Maximus Decimus Meridius
wrote:
>Am 10.06.13 16:29, schrieb Maximus:
>> On Mon, 10 Jun 2013 09:46:03 +0300, "Thor Kottelin" <th...@anta.net>
>> wrote:
>>
>>> "Maximus" <glad...@thearena.com> wrote in message
>>> news:dq3ar89b78fg90c91...@4ax.com...
>>>>
>>>> Can the government crack PGP or GPG?
>>>
>>> Can they crack the actual encryption, such as through a brute force,
>>> dictionary or similar attack? It depends. The longer the key, the better
>>> the passphrase and the shorter (temporally) the need for privacy, the
>>> safer the user would be.
>>>
>>> Things an oppressive government certainly could do include:
>>>
>>> - breaking into the systems of the sender or the recipient, e.g. to
>>> install a key logger or simply read the plain text messages
>>>
>>> - replacing the software with a modified copy providing a back door
>>>
>>> - waterboarding the user until he or she provides the keys and
>>> passphrases.
>>
>> That's pretty good news. I have read that the government has already
>> cracked pgp.
>
>would you be so kind and share the source with us?
>
>many thanks
> Peter
somewhere when I was poking around looking for some info. Probably
nothing but ta...@bs.net
Maximus Decimus Meridius
Khelair
Jul 4, 2013, 5:51:49 AM7/4/13
to Maximus
To: Maximus
Re: Nosey Government
By: Maximus to comp.security.pgp.tech on Sun Jun 09 2013 16:28:20
> Can the government crack PGP or GPG?
If you're seriously skittish about this, you can't really believe any of
the publicized information that is out there. What my suggestion would be is
to revert your keys and encryption program to PGP 2.3a OR 2.6ui (with 2.3a key
generation specified). Zimmerman's PGP 2.3a was the latest version that was
out when the government got scared of how hard it was to crack for the NSA (at
that time it was beyond dozens of years, even for a quick, smaller size key).
At this point the US government ended up reclassifying this encryption software
as a munition and rendered it illegal for usage in the United States. New
versions of PGP were then released using the new, patented RSAREF encryption
algorithm.
If they were that scared of PGP 2.3a, I'd say that's the one that you want
to use. Anything since then has been using this government approved
algorithmic code which almost certainly has to have either built-in back doors
or some sort of attack vulnerability which makes decoding the cyphertext
feasable in a matter of hours or days as opposed to years and up.
-The opinions expressed are not necessarily an advocation of any of the
aforementioned ideologies, concepts, or actions. We still have the freedom of
speech, for now, and I enjoy using it in a satirical or ficticious manner to
amuse myself-
"In times of universal deceit, telling the truth will be a
revolutionary act." -- George Orwell
--- Synchronet 3.16a-OpenBSD NewsLink 1.101
Tinfoil Tetrahedron: telnet://bismaninfo.hopto.org:8023/
Re: Nosey Government
By: Maximus to comp.security.pgp.tech on Sun Jun 09 2013 16:28:20
> Can the government crack PGP or GPG?
the publicized information that is out there. What my suggestion would be is
to revert your keys and encryption program to PGP 2.3a OR 2.6ui (with 2.3a key
generation specified). Zimmerman's PGP 2.3a was the latest version that was
out when the government got scared of how hard it was to crack for the NSA (at
that time it was beyond dozens of years, even for a quick, smaller size key).
At this point the US government ended up reclassifying this encryption software
as a munition and rendered it illegal for usage in the United States. New
versions of PGP were then released using the new, patented RSAREF encryption
algorithm.
If they were that scared of PGP 2.3a, I'd say that's the one that you want
to use. Anything since then has been using this government approved
algorithmic code which almost certainly has to have either built-in back doors
or some sort of attack vulnerability which makes decoding the cyphertext
feasable in a matter of hours or days as opposed to years and up.
-The opinions expressed are not necessarily an advocation of any of the
aforementioned ideologies, concepts, or actions. We still have the freedom of
speech, for now, and I enjoy using it in a satirical or ficticious manner to
amuse myself-
"In times of universal deceit, telling the truth will be a
revolutionary act." -- George Orwell
--- Synchronet 3.16a-OpenBSD NewsLink 1.101
Tinfoil Tetrahedron: telnet://bismaninfo.hopto.org:8023/
Richard
Jul 4, 2013, 9:38:08 AM7/4/13
to
On 06/10/2013 01:28 AM, Maximus wrote:
>
> Can the government crack PGP or GPG?
>
> Maximus Decimus Meridius
>
Why would they bother to crack the encryption algorithm if its easier
>
> Can the government crack PGP or GPG?
>
> Maximus Decimus Meridius
>
to hack into the machine where the private keys are stored?
Just like modern cellular smart phones: Everyone installs all kinds of
(nonsense) applications, and no one is concerned about the security of
existing private keys.
Nomen Nescio
Jul 7, 2013, 5:23:48 PM7/7/13
to
> Can the government crack PGP or GPG?
> If you're seriously skittish about this, you can't really believe any of
> the publicized information that is out there. What my suggestion would be
> is to revert your keys and encryption program to PGP 2.3a OR 2.6ui (with
> 2.3a key generation specified). Zimmerman's PGP 2.3a was the latest
> version that was out when the government got scared of how hard it was to
> crack for the NSA (at that time it was beyond dozens of years, even for a
> quick, smaller size key). At this point the US government ended up
> reclassifying this encryption software as a munition and rendered it
> illegal for usage in the United States. New versions of PGP were then
> released using the new, patented RSAREF encryption algorithm.
OK. What can you say about GnuPG? Everybody able to investigate open source
> the publicized information that is out there. What my suggestion would be
> is to revert your keys and encryption program to PGP 2.3a OR 2.6ui (with
> 2.3a key generation specified). Zimmerman's PGP 2.3a was the latest
> version that was out when the government got scared of how hard it was to
> crack for the NSA (at that time it was beyond dozens of years, even for a
> quick, smaller size key). At this point the US government ended up
> reclassifying this encryption software as a munition and rendered it
> illegal for usage in the United States. New versions of PGP were then
> released using the new, patented RSAREF encryption algorithm.
software. I heard nothing abusive about GnuPG.
Back to PGP 2.3a: what kind of symmetric cyphers he use? CAST5 and DES, I
guess.
--
Maximus
Jul 8, 2013, 12:09:07 PM7/8/13
to
Date: Mon, 08 Jul 2013 09:09:07 -0700
Message-ID: <orolt85issoahh7b6...@4ax.com>
References: <51D545B5.9.u...@bismaninfo.hopto.org>
<dq3ar89b78fg90c91...@4ax.com>
<7f1e560822d7db78...@dizum.com>
User-Agent: ForteAgent/7.10.32.1214
X-Original-From: Nomen Nescio <nob...@dizum.com>
X-Original-Subject: Nosey Government
X-Original-Date: Sun, 7 Jul 2013 23:23:48 +0200 (CEST)
X-Original-Newsgroups: comp.security.pgp.tech
X-Original-Organization: dizum.com - The Internet Problem Provider
X-Original-Message-ID: <7f1e560822d7db78...@dizum.com>
X-Agent-Properties: 0 00000000 0000000b 1 1 1 2 00000004 0000000b 0 1
0 2 00000004 0 1 1370791470 0 0
X-Agent-Defaults: Bcc:e- Cc:e- Newsgroups:f- Subject:f- From:d- To:e-
X-Agent-Format: 1 1 0 0 1 500000 0 0 1 0 "*" 0
X-Intro: "On Sun, 7 Jul 2013 23:23:48 +0200 (CEST), Nomen Nescio
<nob...@dizum.com> wrote:\n"
Hey man, I'm a dummy and you must talk to me in dummy terms or I won't
unnerstand. Does this mean that the government can crack an email
encrypted with a 4096bit GnuPG key?
Thanks again
Message-ID: <orolt85issoahh7b6...@4ax.com>
References: <51D545B5.9.u...@bismaninfo.hopto.org>
<dq3ar89b78fg90c91...@4ax.com>
<7f1e560822d7db78...@dizum.com>
User-Agent: ForteAgent/7.10.32.1214
X-Original-From: Nomen Nescio <nob...@dizum.com>
X-Original-Subject: Nosey Government
X-Original-Date: Sun, 7 Jul 2013 23:23:48 +0200 (CEST)
X-Original-Newsgroups: comp.security.pgp.tech
X-Original-Organization: dizum.com - The Internet Problem Provider
X-Original-Message-ID: <7f1e560822d7db78...@dizum.com>
X-Agent-Properties: 0 00000000 0000000b 1 1 1 2 00000004 0000000b 0 1
0 2 00000004 0 1 1370791470 0 0
X-Agent-Defaults: Bcc:e- Cc:e- Newsgroups:f- Subject:f- From:d- To:e-
X-Agent-Format: 1 1 0 0 1 500000 0 0 1 0 "*" 0
X-Intro: "On Sun, 7 Jul 2013 23:23:48 +0200 (CEST), Nomen Nescio
<nob...@dizum.com> wrote:\n"
unnerstand. Does this mean that the government can crack an email
encrypted with a 4096bit GnuPG key?
Thanks again
Khelair
Aug 7, 2013, 12:40:59 PM8/7/13
to Maximus
To: Maximus
Re: Nosey Government
By: Maximus to comp.security.pgp.tech on Sun Jun 09 2013 16:28:20
Re: Nosey Government
By: Maximus to comp.security.pgp.tech on Sun Jun 09 2013 16:28:20
> Can the government crack PGP or GPG?
Anything since PGP v.2.3a, after which cryptography without the government
approved RSAREF algorithm was deemed a munition, and thus, illegal, certainly.
Maybe they've found a way even for the old algorithm now, too. Without
knowing, your best bet is to use PGP 2.3a or 2.6ui (illegal in the US) to
encrypt (2.6ui set up to use the old 2.3a algorithm), and keep your fingers
crossed. :|
Khelair
Aug 7, 2013, 12:51:46 PM8/7/13
to
To: Nomen Nescio
Re: =?koi8-r?B?Tm9zZXkgR292ZXJubWVudAo=?=
By: Nomen Nescio to comp.security.pgp.tech on Sun Jul 07 2013 23:23:48
> OK. What can you say about GnuPG? Everybody able to investigate open source
> software. I heard nothing abusive about GnuPG.
It is bound by the same US restrictions to use government approved algorithms
in the US. Yeah, it'll keep out your local data thieves and hardware thieves,
but the NSA? Who do you think recommended the approved algorithms in the first
place?
The problem with the open source proof is that while lots of people can
understand the code, very few can understand the mathematics of the actual
cryptographic algorithms. Then you also need somebody who understands the
entire capability of the NSA's classified systems, and who isn't afraid of
going away for life, or worse, to explain that to simple curious privacy
enthusiasts like you and myself.
Unfortunately Mr. Snowden is tough to get ahold of these days, and if you DID
establish contact, no doubt you'd have direct federal oversight in every aspect
of your life, presence announced or not. :|
Don't forget that GnuPG is just a repackaged and relicensed implementation of
PGP's protocols and algorithms.
Re: =?koi8-r?B?Tm9zZXkgR292ZXJubWVudAo=?=
By: Nomen Nescio to comp.security.pgp.tech on Sun Jul 07 2013 23:23:48
> OK. What can you say about GnuPG? Everybody able to investigate open source
> software. I heard nothing abusive about GnuPG.
in the US. Yeah, it'll keep out your local data thieves and hardware thieves,
but the NSA? Who do you think recommended the approved algorithms in the first
place?
The problem with the open source proof is that while lots of people can
understand the code, very few can understand the mathematics of the actual
cryptographic algorithms. Then you also need somebody who understands the
entire capability of the NSA's classified systems, and who isn't afraid of
going away for life, or worse, to explain that to simple curious privacy
enthusiasts like you and myself.
Unfortunately Mr. Snowden is tough to get ahold of these days, and if you DID
establish contact, no doubt you'd have direct federal oversight in every aspect
of your life, presence announced or not. :|
Don't forget that GnuPG is just a repackaged and relicensed implementation of
PGP's protocols and algorithms.
Khelair
Aug 7, 2013, 12:52:35 PM8/7/13
to Maximus
To: Maximus
Re: Re: Nosey Government
By: Maximus to comp.security.pgp.tech on Mon Jul 08 2013 09:09:07
> Hey man, I'm a dummy and you must talk to me in dummy terms or I won't
> unnerstand. Does this mean that the government can crack an email
> encrypted with a 4096bit GnuPG key?
Yes, if they feel the need to.
Re: Re: Nosey Government
By: Maximus to comp.security.pgp.tech on Mon Jul 08 2013 09:09:07
> Hey man, I'm a dummy and you must talk to me in dummy terms or I won't
> unnerstand. Does this mean that the government can crack an email
> encrypted with a 4096bit GnuPG key?
Cypherpunk
Sep 8, 2013, 9:36:06 AM9/8/13
to
On 08/07/2013 11:52 AM, Khelair wrote:
> To: Maximus
> Re: Re: Nosey Government
> By: Maximus to comp.security.pgp.tech on Mon Jul 08 2013 09:09:07
>
> > Hey man, I'm a dummy and you must talk to me in dummy terms or I won't
> > unnerstand. Does this mean that the government can crack an email
> > encrypted with a 4096bit GnuPG key?
>
> Yes, if they feel the need to.
Sorry, but this is complete unfounded rubbish! Can you provide any
> To: Maximus
> Re: Re: Nosey Government
> By: Maximus to comp.security.pgp.tech on Mon Jul 08 2013 09:09:07
>
> > Hey man, I'm a dummy and you must talk to me in dummy terms or I won't
> > unnerstand. Does this mean that the government can crack an email
> > encrypted with a 4096bit GnuPG key?
>
> Yes, if they feel the need to.
evidence that the government can actually crack a 4096 bit PGP key? I'm
not talking about compromising the endpoint here but actually capturing
the traffic and breaking the ciphertext down to plaintext again.
Cypherpunk
Cypherpunk
Sep 8, 2013, 9:41:10 AM9/8/13
to
On 07/08/2013 11:09 AM, Maximus wrote:
>
>>> Can the government crack PGP or GPG?
>
>
>>> Can the government crack PGP or GPG?
>
> Hey man, I'm a dummy and you must talk to me in dummy terms or I won't
> unnerstand. Does this mean that the government can crack an email
> encrypted with a 4096bit GnuPG key?
There is absolutely no evidence that the government can crack a 4096 bit
> unnerstand. Does this mean that the government can crack an email
> encrypted with a 4096bit GnuPG key?
PGP key. None at all. The problem we in the crypo community face isn't
so much the danger of cracking keys but rather the government doing an
end-run around security.
For example: you have a strong 4096 bit key with a good passphrase. That
key is safe. It's not likely to be cracked using current technology;
even what's available to the NSA. However, if you use Windows, there
might be a built in hole that allows the NSA entry into your computer.
So they can come in through that hole, install a keylogger, and get a
copy of everything you're typing *before* you encrypt it.
Aside from influencing commercial companies to deliberately weaken their
crypto systems, this seems to be what the NSA is primarily doing. They
might not be able to break your key but they can 1) get in through a
deliberate backdoor in software or 2) find a side-channel attack on the
underlying algorithm.
Hope this helps.
Regards,
Cypherpunk
0 new messages