| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 12 Jun 2010 14:55:54 +0000
From: "Thor (Hammer of God)" <Thor@...merofgod.com>
To: Benji <me@...ji.com>, Larry Seltzer <larry@...ryseltzer.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: My private key
It will be a bit harder than that in this case ;)
That’s the private key necessary to decrypt the second file I sent out. I’ve written a cool encryption program that basically allows me to keep whatever I want “in the cloud” secure. Granted, I really shouldn’t post my private key, but in this case, it is AES-256 encrypted via a password with a 16 byte salt (then converted to base64 so that it is fully portable). Yes, the salt is included with the private key XML (I call it a “fob”) but each fob has its own unique salt.
With that private key, I can decrypt the RSA2048 encrypted random AES256 key that is stored in the encrypted file XML (and the IV). So I’ve got my “secret data” encrypted within the “TGP Container” XML and the private key in the other file. What’s cool is that I don’t have to worry about storing it anywhere – the internet (“the cloud”) does it for me. That email is already on about 5 different archive lists. No matter where I am, all I have to do is find a browser somewhere, search for my file, and copy and paste the bits into my TGP client. It’s totally portable, totally secure, “cloud” encryption.
Of course, TGP is free, just like all the crap I write and post. I’m working up the documentation now – I’ll post details and the binary later.
t
From: Benji [mailto:me@...ji.com]
Sent: Saturday, June 12, 2010 5:50 AM
To: Larry Seltzer
Cc: Thor (Hammer of God); full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] My private key
And then gets his identity stolen?
Sent from my iPhone
On 12 Jun 2010, at 12:12, Larry Seltzer <larry@...ryseltzer.com<mailto:larry@...ryseltzer.com>> wrote:
Oh cool, this is like those TV ads where the guy parades his social security # around, right?
From: full-disclosure-bounces@...ts.grok.org.uk<mailto:full-disclosure-bounces@...ts.grok.org.uk> [mailto:full-disclosure-bounces@...ts.grok.org.uk<mailto:full-disclosure-bounces@...ts.grok.org.uk>] On Behalf Of Thor (Hammer of God)
Sent: Friday, June 11, 2010 11:33 PM
To: full-disclosure@...ts.grok.org.uk<mailto:full-disclosure@...ts.grok.org.uk>
Subject: [Full-disclosure] My private key
This is my private key. I’ll explain later.
<?xml version="1.0"?>
<!--TGP - Thor's Godly Privacy: KeyFob XML Document-->
<KeyFobs><KeyFobName>TGP
<FobName>PrivateTest</FobName>
<PublicKey></PublicKey>
<EncPrivateKey>kUnv1MSq305Ebj8lSJbdMhJ03/mXU/eUrydhzbdrlksE2zwpdfnfuWbUXb4Tz8BibUXI3drAMx1llXwCArSP9zKblfOB78owYLp1haY8+yx+ZhKLv0s7y7WpdKdFzQxNeOBCdsz7mIUwgc8rGsyl4/3t/rA04IfkyZHRPwXpOz5YBnTHaVoo2gSZdR6xGk27Tq59PZNsb+z2BiMozKA6s3vXY/mKzPoMhm0hpOPCxx6Ho2QmYJHuPbOr2tLlFr6ICPyiAWZFw/g+qNBDST0LrQVHh6R0yAu15mo7L2R5WlERhOGTx8+/Y7pXWvH1sqxnLKUZ6sEqt2+zlW0lUYyvvpgDTabOvuHmsvZz3WthvdV8C0iManQkmSHQpaDKkzuYc8wv3Zz7uHbLTupEBA3MEckNXLvIwFRG6KGetLVG43Nxj/vhXQJjrBTEXB6Cnaf+Q+AKwhPDRv8e5lRcHoGK8jB59uLRx3DKUg6NC70Xr4do0sSWGCNdOtEVMVZuARiHgEtzzRnabQJDn6f8Mc2S+HKOvLxBnG4SBdYu1uWE/s7z8ygn8ROqWv5EN2R5Yo46ihB4NTHOg5CgiNO/QDTaXPqqMR1V7sVvdRLiME51X0fn/EFqD2+BmetpyiAb/QRQZvjHYkZgSi06nMTZ0u847nMnerlAsleak3NJuLH3au2YMIQ9UIMrUSWrtFsU99Xljje5lnQ2hKnwZUe3xpmXmo2Mm+3KOmw0/9cirHemcL9wcMd1ywCQjWwvcug+yIjU8UseLKtrH2se+VZB3EjagpH1SKOtroyH29lOrg45Q25EkE1Pk0xF+CdOL4pEmBFzw5Gxw6vkEzmWmMwmeCLKYD+dPP9TqsQM1V7czKeV/zUL3hSeO8svJdNHbNCN4fWI5STtEvdhSLh41S39HbIVOQbhAjAoD7LalhQRiTugkLLuqtmF8amGyAHmGA9aAldE0U28DHakcAKRWSPUTEluvWSTcnREgIpKAf7WSpUYqWq53Ht/c6HiZ2S+RgW4N8LCpIR8VCyxkfW46wzQVgurPP/UiddBZmzG0KpbYmktXNfb5L6SiECEpXfPQSoqjVqX7QYC/YjcvVUhIbtTddNJ8Tpsrno55gq+3fSx7nmKd1SDjjGl7z+2or/2d9GRe063ZnYg7GNjqjYN/wDZIuROUhKGYKF5+JhMU7UNZuuGy6P6NSWdJNwvnRcUu7WPOWO4WZocDmsY98PuvQt6FGjn+yIi3xYlNkvajxZDiAUUapM9CJssi1cmdpLasaCGdvKnXdDBQBGGdmHZuvkWLKGRIp6h1hTqlnt1Rne+04JaaQ4wGxxt4pKyVZoJinS35rrLuIsCr9Pa2HcSHUWcLMhG3Qpt7auZBU2m50EPNtqLgFGx8CQmGRD9EiLN/fqjc9j+GWWT/BeJrYXBUgkPWHTaDyIm+okMEQue1Zl59UYxFKhUeCM2b8PksoDWn851lgFO5EjPZ9mbGny9OAE9WzxdmpqnOaq6qYxuusg/9H/heQ6IjydPhUhH5FZl+e7q/n+nLDtuXjgkd/776T0SohGqIA88TKFNba9LpyhDKOO26uaK1GpGb/4gRgs+kLTdd2AYfW1u8nWO1Ug3/7WZ89inByJNtI5eHqyxPl7cTVl3WhSuGLcxfQnb+ajx8yZpBhrNtz7jC4T8xZm8rh2FVhV7Qu4l3VosSJh/giSrGmC55Mau9X1/K2tsDJuPOLibK3ZYSi4ZlAAuktLBDjomX3dbfNuvK5FthP+rjvfVAg8bRHvReTnsQ/cA2iMW11blCE42HcnSyq/ulFkch+Y6vlSNhNR+Crh5nXrXixaFDcA8hO3PjPHp5ocRGbZMXtBf3xptrFmfga9nMvzdJS5VminYHlV4kgh7HK8L+uh38UqVir/Dusj9JtJMxYzVZWmAqO2JO+rKdPdzXNEm896O/uF6zlgoHIG64HRE8I+NAyxxew8rN5lyIWFqhsx058sGsIiWoX7yAL4CIY8mgSsP4tR2wzBh2UhSlqwdSsUt/Flkk/cwS+8jrkIGxLDNHvcRqFlrH3iydqkz3LwUCproQrNZQ7sI2Wjmcsw+bETAVvRQhkvYdxUghGxZqM5MxjonuUrZ1fNWxFkQsaa9gJu1TK7lGIXtSA2RkS2HwYBNpp74fYpLiKSTeRMeMdmrClQ3CdHjv1epn6TZrqFtpvaMwVb5EbSzBSzmkSIKGtkP6ZOD6vItsp1Lkpvx0XeIEgY3sACUS+RhYiLxZF1XEDQXxbyNNl28XeQmL/v3qq3NlyviO8NqfttLHyl7tRc3Llx0LBjc2d34CEXFB19aFj2LHNG7Y1lpgOjKYjxRsFyy3I9Q3d3TUKWXqbgATYdc3UFT0OyRVXuFK2CRKO0T1JjH30m58RRw29Zsn6BLKxIPavwLD+MVxSeukYhD4Vr3j/Ke/yyklJMTpNqw+UQey9+Xu3hoVw==</EncPrivateKey>
<KeyHash>ir3Co+lV+P6GnGKKlCOeKOtyex/b0p2fNHgoIhuW9Ek=</KeyHash>
<KeyNaCl>d9OkMGXGWswbSqhxw2VsUw==</KeyNaCl>
</KeyFobName></KeyFobs
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists