1. Forum
  2. FidoNet
  3. PUBLIC KEYS

  • who would fall for this?

    From August Abolins@2:221/1.58 to All on Mon Mar 1 22:35:00 2021
    Hello All!

    It seems like a bad idea to go ahead and fill in the blanks on
    this page!

    https://www.igolder.com/PGP/decryption/

    --
    ../|ug

    --- OpenXP 5.0.49
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From Tommi Koivula@2:221/6 to August Abolins on Tue Mar 2 10:51:24 2021
    Hello, August Abolins.
    On 01/03/2021 22.35 you wrote:

    Hello All!
    It seems like a bad idea to go ahead and fill in the blanks on
    this page!
    https://www.igolder.com/PGP/decryption/

    "enter your private PGP key"... :)

    --
    Tommi

    --- HotdogEd/2.13.5 (Android; Google Android; rv:1) Hotdoged/1608604259000 HotdogEd/2.13.5
    * Origin: nntps://news.fidonet.fi - Lake Ylo - Finland (2:221/6.0)
  • From August Abolins@2:221/1.58 to Tommi Koivula on Tue Mar 2 08:33:00 2021
    https://www.igolder.com/PGP/decryption/

    "enter your private PGP key"... :)


    I was just moving my own keys from one of a pc to my Blackberry
    when something interesting occurred to me. First of all, my
    opengpg prompted for my existing passphrase *before* it would
    E)xport the key. Secondly, even if someone had the key in their
    possession, they would need to know the passphrase to use it.

    So, it seems that *just* having the private key block (without
    also knowing the passphrase) is not very useful to anyone.


    --
    ../|ug

    --- OpenXP 5.0.49
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Mar 2 14:37:59 2021
    Hi August,

    On 2021-03-02 08:33:00, you wrote to Tommi Koivula:

    "enter your private PGP key"... :)

    I was just moving my own keys from one of a pc to my Blackberry
    when something interesting occurred to me. First of all, my
    opengpg prompted for my existing passphrase *before* it would
    E)xport the key. Secondly, even if someone had the key in their possession, they would need to know the passphrase to use it.

    So, it seems that *just* having the private key block (without
    also knowing the passphrase) is not very useful to anyone.

    Some people save their private key without a password, for easy usage. Sometimes you "need" to save it without a password when you need to use it from automated scripts.

    And when a key has a simple password, it would be possible to brute force finding the password...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Tue Mar 2 09:16:00 2021
    So, it seems that *just* having the private key block
    (without also knowing the passphrase) is not very useful
    to anyone.

    Some people save their private key without a password, for
    easy usage.

    Easy, but very unwise. Otherwise, what's the point? Yeah..
    some people deserve to be compromised, I guess.

    Sometimes you "need" to save it without a
    password when you need to use it from automated scripts.

    Scripting.. never thought of that. But I seem to recall that
    there are ways to pass the passphrase via a variable or
    something which would be better than having no passphrase at
    all.

    And when a key has a simple password, it would be possible
    to brute force finding the password...

    I wish I could remember what I used for:

    pub 512R/246249F7 1994-02-16
    Fingerprint=BC 1B B6 D5 15 AC F1 D4 F2 B4 0F A2 D6 31 7F 53

    I'm pretty sure that's me as "abolins" when you do a key search.

    I know that I have the private key stored on a 3.5" diskette -
    somewhere. I used pgp to email TODO lists to myself from home
    to work and back. I don't think I could brute force the secret
    if I tried. It was a modified latvian phrase. The key is what
    did I do to tweak the phrase?
    --
    ../|ug

    --- OpenXP 5.0.49
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From Wilfred van Velzen@2:280/464 to August Abolins on Tue Mar 2 17:32:07 2021
    Hi August,

    On 2021-03-02 09:16:00, you wrote to me:

    Sometimes you "need" to save it without a
    password when you need to use it from automated scripts.

    Scripting.. never thought of that. But I seem to recall that
    there are ways to pass the passphrase via a variable or
    something which would be better than having no passphrase at
    all.

    Yes. But it's more work... People are lazy.

    And when a key has a simple password, it would be possible
    to brute force finding the password...

    I wish I could remember what I used for:

    pub 512R/246249F7 1994-02-16
    Fingerprint=BC 1B B6 D5 15 AC F1 D4 F2 B4 0F A2 D6 31 7F 53

    I'm pretty sure that's me as "abolins" when you do a key search.

    I know that I have the private key stored on a 3.5" diskette -
    somewhere. I used pgp to email TODO lists to myself from home
    to work and back. I don't think I could brute force the secret
    if I tried. It was a modified latvian phrase. The key is what
    did I do to tweak the phrase?

    Talk to your local NSA office. Maybe they can help? ;-)

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Jay Harris@1:229/664 to Wilfred van Velzen on Tue Mar 2 12:46:54 2021
    *** Quoting Wilfred van Velzen from a message to August Abolins ***

    Talk to your local NSA office. Maybe they can help? ;-)

    https://www.backblaze.com/blog/wp-content/uploads/2013/10/nsadata.jpg


    Jay

    ... Count Dracula - your Bloody Mary is ready...

    --- Telegard v3.09.g2-sp4/mL
    * Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (1:229/664)
  • From August Abolins@2:221/1.58 to Wilfred van Velzen on Tue Mar 2 19:13:00 2021
    I wish I could remember what I used for:

    pub 512R/246249F7 1994-02-16
    Fingerprint=BC 1B B6 D5 15 AC F1 D4 F2 B4 0F A2 D6 31 7F 53


    Talk to your local NSA office. Maybe they can help? ;-)

    Ha! Good one.

    I doubt that any of my secret messages from 1994-1995 exist
    anywhere anyway. Also the 512-bit key wouldn't be wise to use
    today.


    --
    ../|ug

    --- OpenXP 5.0.49
    * Origin: Key ID = 0x5789589B (2:221/1.58)
  • From Tommi Koivula@2:221/360 to Wilfred van Velzen on Wed Mar 3 13:52:49 2021
    On 2.3.2021 18.32, Wilfred van Velzen wrote:

    Talk to your local NSA office. Maybe they can help? ;-)

    Also Google may help? :-)

    There was a finnish tv series last year where the finnish police wondered if they could listen to the phone of the bad guy... One policeman had a friend in NSA, and they got the recordings. ;)

    'Tommi

    --- Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
  • From Daniel Path@2:371/52 to Tommi Koivula on Wed Mar 3 15:02:40 2021
    Hello Tommi.

    03 Mar 21 13:52, you wrote to Wilfred van Velzen:

    On 2.3.2021 18.32, Wilfred van Velzen wrote:

    Talk to your local NSA office. Maybe they can help? ;-)

    Also Google may help? :-)

    There was a finnish tv series last year where the finnish police
    wondered if they could listen to the phone of the bad guy... One
    policeman had a friend in NSA, and they got the recordings. ;)

    Which series is that?

    --
    Daniel

    --- GoldED+/EMX 1.1.4.7
    * Origin: Roon's BBS - Budapest, HUNGARY (2:371/52)
  • From Tommi Koivula@2:221/360 to Daniel Path on Wed Mar 3 19:24:48 2021
    Hi Daniel.

    03 Mar 21 15:02:40, you wrote to me:

    Talk to your local NSA office. Maybe they can help? ;-)

    Also Google may help? :-)

    There was a finnish tv series last year where the finnish police
    wondered if they could listen to the phone of the bad guy... One
    policeman had a friend in NSA, and they got the recordings. ;)

    Which series is that?

    I think it was "Ratamo".

    'Tommi

    ---
    * Origin: rbb.fidonet.fi (2:221/360)