¯¯\\---/¯¯ ßå-ßå-ßå-ßî$ÞÎN!
On 07/29/2014 08:47 PM, pedro.mar...@ml1.net wrote:
On 07/29/2014 07:02 PM, Peter Lebbing wrote:
On 28/07/14 23:35, pedro.mar...@ml1.net wrote:
4) Damage my private key. (Ex: inverse X and X line, Replace X and X
characters, etc.)
This is a really, really bad idea. Please don't invent your own crypto.
For instance, I only need one seventh of your secret RSA key to fully
reconstruct it using the public key I also have! Looky here at an RSA
private key{1}:
:secret key packet:
version 4, algo 1, created 1300458324, expires 0
skey[0]: [2048 bits]
skey[1]: [17 bits]
skey[2]: [2046 bits]
skey[3]: [1024 bits]
skey[4]: [1024 bits]
skey[5]: [1024 bits]
I myself can reconstruct your private key if I either have skey[3] or
skey[4]. I can decrypt your messages if I just have skey[2]. And I think
someone who actually knows his stuff can do it with skey[5]; I might be
able too if I read up on the Chinese Remainder Theorem{2}.
And I can see whether it worked or not, so I can just take the one you
didn't damage.
Again: give me your public key and the 1024 bits of skey[3] and I can
compute your private key. Using only a seventh of the whole secret key
packet. And this "secret key packet" isn't even the full secret key that
you are wilfully damaging; there are even more packets in there,
including completely harmless ones that won't bother an attacker the
slightest bit. You might make the attacker laugh, though.
Don't be creative! You need either a good passphrase or good physical
protection or both, not some mangling of data.
I wasn't aware of this, thanks for the info!
("i made good" to ask here before doing creative stuff.. haha )
Pedro Markov,
or not?~
Oh, the suspense! Are you Pedro, .... or not? Tadadadaaaaa..... ;)
Oh, I see it. The ~ is a logical not, so it's a double inverse, so
either you're Pedro or you converted Pedro to a boolean, depending on
whether you ask a logician or a C programmer...
This one was funny!, should i respond or let the suspense? xD
I 13iu1ccy 81i5 c, 9 ausi 4o uyi8on uro7r1mm9n7 1n4 21s8 so i85
3omm5ni w1s 6unny :)
T89s 19n'i my r51c n1m5, 9 ausi 4on'i c9b5 my n1m5 1n4 5m19c io 25
uu2c9s8 ov5r i85
uu2c93 9ni5rn5i 2531us5 i85 m19c9n7 c9sis :)
HTH,
Peter.
{1} To reproduce: make a test key that you don't password protect.
Suppose the key ID of your test key is AB1256CD34, enter the following:
$ gpg2 --export-secret-key AB1256CD34 | gpg2 --list-packets
But first understand what that command does, because you shouldn't type
in commands that strangers tell you to type in.
{2} For context for people who know what I'm talking about but don't
know the order of components by heart, the 5 MPI's are, in order: n, e,
d, p, q and u (u = p^-1 mod q).
I'll really check this its seems pretty interesting
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
