lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <optid.1779d9c451.58DB1B68E62B9F448DF1A276B0886DF12DB546EB@EX2010.hammerofgod.com>
Date: Sat, 12 Jun 2010 14:55:54 +0000
From: "Thor (Hammer of God)" <Thor@...merofgod.com>
To: Benji <me@...ji.com>, Larry Seltzer <larry@...ryseltzer.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: My private key

It will be a bit harder than that in this case ;)

That’s the private key necessary to decrypt the second file I sent out.  I’ve written a cool encryption program that basically allows me to keep whatever I want “in the cloud” secure.  Granted, I really shouldn’t post my private key, but in this case, it is AES-256 encrypted via a password with a 16 byte salt (then converted to base64 so that it is fully portable).  Yes, the salt is included with the private key XML (I call it a “fob”) but each fob has its own unique salt.

With that private key, I can decrypt the RSA2048 encrypted random AES256 key that is stored in the encrypted file XML (and the IV).   So I’ve got my “secret data” encrypted within the “TGP Container” XML and the private key in the other file.  What’s cool is that I don’t have to worry about storing it anywhere – the internet (“the cloud”) does it for me.  That email is already on about 5 different archive lists.  No matter where I am, all I have to do is find a browser somewhere, search for my file, and copy and paste the bits into my TGP client.   It’s totally portable, totally secure, “cloud” encryption.

Of course, TGP is free, just like all the crap I write and post.  I’m working up the documentation now – I’ll post details and the binary later.

t

From: Benji [mailto:me@...ji.com]
Sent: Saturday, June 12, 2010 5:50 AM
To: Larry Seltzer
Cc: Thor (Hammer of God); full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] My private key

And then gets his identity stolen?

Sent from my iPhone

On 12 Jun 2010, at 12:12, Larry Seltzer <larry@...ryseltzer.com<mailto:larry@...ryseltzer.com>> wrote:
Oh cool, this is like those TV ads where the guy parades his social security # around, right?

From: full-disclosure-bounces@...ts.grok.org.uk<mailto:full-disclosure-bounces@...ts.grok.org.uk> [mailto:full-disclosure-bounces@...ts.grok.org.uk<mailto:full-disclosure-bounces@...ts.grok.org.uk>] On Behalf Of Thor (Hammer of God)
Sent: Friday, June 11, 2010 11:33 PM
To: full-disclosure@...ts.grok.org.uk<mailto:full-disclosure@...ts.grok.org.uk>
Subject: [Full-disclosure] My private key

This is my private key.  I’ll explain later.

<?xml version="1.0"?>

<!--TGP - Thor's Godly Privacy: KeyFob XML Document-->

<KeyFobs><KeyFobName>TGP

<FobName>PrivateTest</FobName>

<PublicKey></PublicKey>

<EncPrivateKey>kUnv1MSq305Ebj8lSJbdMhJ03/mXU/eUrydhzbdrlksE2zwpdfnfuWbUXb4Tz8BibUXI3drAMx1llXwCArSP9zKblfOB78owYLp1haY8+yx+ZhKLv0s7y7WpdKdFzQxNeOBCdsz7mIUwgc8rGsyl4/3t/rA04IfkyZHRPwXpOz5YBnTHaVoo2gSZdR6xGk27Tq59PZNsb+z2BiMozKA6s3vXY/mKzPoMhm0hpOPCxx6Ho2QmYJHuPbOr2tLlFr6ICPyiAWZFw/g+qNBDST0LrQVHh6R0yAu15mo7L2R5WlERhOGTx8+/Y7pXWvH1sqxnLKUZ6sEqt2+zlW0lUYyvvpgDTabOvuHmsvZz3WthvdV8C0iManQkmSHQpaDKkzuYc8wv3Zz7uHbLTupEBA3MEckNXLvIwFRG6KGetLVG43Nxj/vhXQJjrBTEXB6Cnaf+Q+AKwhPDRv8e5lRcHoGK8jB59uLRx3DKUg6NC70Xr4do0sSWGCNdOtEVMVZuARiHgEtzzRnabQJDn6f8Mc2S+HKOvLxBnG4SBdYu1uWE/s7z8ygn8ROqWv5EN2R5Yo46ihB4NTHOg5CgiNO/QDTaXPqqMR1V7sVvdRLiME51X0fn/EFqD2+BmetpyiAb/QRQZvjHYkZgSi06nMTZ0u847nMnerlAsleak3NJuLH3au2YMIQ9UIMrUSWrtFsU99Xljje5lnQ2hKnwZUe3xpmXmo2Mm+3KOmw0/9cirHemcL9wcMd1ywCQjWwvcug+yIjU8UseLKtrH2se+VZB3EjagpH1SKOtroyH29lOrg45Q25EkE1Pk0xF+CdOL4pEmBFzw5Gxw6vkEzmWmMwmeCLKYD+dPP9TqsQM1V7czKeV/zUL3hSeO8svJdNHbNCN4fWI5STtEvdhSLh41S39HbIVOQbhAjAoD7LalhQRiTugkLLuqtmF8amGyAHmGA9aAldE0U28DHakcAKRWSPUTEluvWSTcnREgIpKAf7WSpUYqWq53Ht/c6HiZ2S+RgW4N8LCpIR8VCyxkfW46wzQVgurPP/UiddBZmzG0KpbYmktXNfb5L6SiECEpXfPQSoqjVqX7QYC/YjcvVUhIbtTddNJ8Tpsrno55gq+3fSx7nmKd1SDjjGl7z+2or/2d9GRe063ZnYg7GNjqjYN/wDZIuROUhKGYKF5+JhMU7UNZuuGy6P6NSWdJNwvnRcUu7WPOWO4WZocDmsY98PuvQt6FGjn+yIi3xYlNkvajxZDiAUUapM9CJssi1cmdpLasaCGdvKnXdDBQBGGdmHZuvkWLKGRIp6h1hTqlnt1Rne+04JaaQ4wGxxt4pKyVZoJinS35rrLuIsCr9Pa2HcSHUWcLMhG3Qpt7auZBU2m50EPNtqLgFGx8CQmGRD9EiLN/fqjc9j+GWWT/BeJrYXBUgkPWHTaDyIm+okMEQue1Zl59UYxFKhUeCM2b8PksoDWn851lgFO5EjPZ9mbGny9OAE9WzxdmpqnOaq6qYxuusg/9H/heQ6IjydPhUhH5FZl+e7q/n+nLDtuXjgkd/776T0SohGqIA88TKFNba9LpyhDKOO26uaK1GpGb/4gRgs+kLTdd2AYfW1u8nWO1Ug3/7WZ89inByJNtI5eHqyxPl7cTVl3WhSuGLcxfQnb+ajx8yZpBhrNtz7jC4T8xZm8rh2FVhV7Qu4l3VosSJh/giSrGmC55Mau9X1/K2tsDJuPOLibK3ZYSi4ZlAAuktLBDjomX3dbfNuvK5FthP+rjvfVAg8bRHvReTnsQ/cA2iMW11blCE42HcnSyq/ulFkch+Y6vlSNhNR+Crh5nXrXixaFDcA8hO3PjPHp5ocRGbZMXtBf3xptrFmfga9nMvzdJS5VminYHlV4kgh7HK8L+uh38UqVir/Dusj9JtJMxYzVZWmAqO2JO+rKdPdzXNEm896O/uF6zlgoHIG64HRE8I+NAyxxew8rN5lyIWFqhsx058sGsIiWoX7yAL4CIY8mgSsP4tR2wzBh2UhSlqwdSsUt/Flkk/cwS+8jrkIGxLDNHvcRqFlrH3iydqkz3LwUCproQrNZQ7sI2Wjmcsw+bETAVvRQhkvYdxUghGxZqM5MxjonuUrZ1fNWxFkQsaa9gJu1TK7lGIXtSA2RkS2HwYBNpp74fYpLiKSTeRMeMdmrClQ3CdHjv1epn6TZrqFtpvaMwVb5EbSzBSzmkSIKGtkP6ZOD6vItsp1Lkpvx0XeIEgY3sACUS+RhYiLxZF1XEDQXxbyNNl28XeQmL/v3qq3NlyviO8NqfttLHyl7tRc3Llx0LBjc2d34CEXFB19aFj2LHNG7Y1lpgOjKYjxRsFyy3I9Q3d3TUKWXqbgATYdc3UFT0OyRVXuFK2CRKO0T1JjH30m58RRw29Zsn6BLKxIPavwLD+MVxSeukYhD4Vr3j/Ke/yyklJMTpNqw+UQey9+Xu3hoVw==</EncPrivateKey>

<KeyHash>ir3Co+lV+P6GnGKKlCOeKOtyex/b0p2fNHgoIhuW9Ek=</KeyHash>

<KeyNaCl>d9OkMGXGWswbSqhxw2VsUw==</KeyNaCl>
</KeyFobName></KeyFobs
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ