Date: Mon, 9 Apr 2012 01:13:42 +0000
From: "Thor (Hammer of God)" <>
To: Jason Hellenthal <>
Cc: "" <>
Subject: Re: Thor's Private Key

You must not have read closely then :)

The GPG key structure is a collection of all keys in a single database.  If you want to use different keys, you have to move entire keyrings around.  Exportation of keys is in ascii, but you can't programmatically access any elements of the keys or the encrypted data itself with an open format.  By default, the encrypted data is all binary, and if you ascii armor the actual data, you've got multiple steps to decrypt it and can't identify key information from it. 

GPG must be "installed" on target systems, and you have to be an administrator to do so.  TGP runs as a single executable.  TGP has full access to the X.509 Windows Certificate Store and can validate PKI infrastructures based on these certificates.  GPG can't even access the cert store.  GPG has no provisions for key management at all.  TGP interfaces with my "Rainmaker" API to provide off-site key management and verification based on permissions and certificate trusts.  As such, the client never has to have the keys in their possession, and the keys never touch the file system.  You can't do that with GPG.  TGP encrypted data is "cloud ready" for SOAP/XML-based API structures.  You can't do that with GPG.

TGP also is the only multi-platform encryption tool where you can encrypt the data on the PC, store it in the cloud, and then decrypt it on Win7Phone with even TGPMobile taking advantage of the Rainmaker API key management system.  So for mobile applications you also never have the key on the device.  

TGP is trivially easy to use.  Average computer people can use it (and do).  I've seen PGP/GPG deployments fail miserably because people couldn't figure out how to use GPG.

Most importantly, I can make it do whatever I want it to do without having to parse through mounds of pieced-together code authored by who knows who.

Those are some of the differences - not that it matters, of course.  I've made no claims regarding any differences to GPG good or bad.  I comment about PGP on my site, but that's it.   So feel free to LOL all day, but I really don't see what your point is.

-----Original Message-----
From: Jason Hellenthal [] 
Sent: Sunday, April 08, 2012 5:41 PM
To: Thor (Hammer of God)
Subject: Re: [Full-disclosure] Thor's Private Key

LoL WuT!

What's the difference between just encrypting your data with GnuPG... and yes I read your about TGP page lol.

On Sun, Apr 08, 2012 at 10:54:34PM +0000, Thor (Hammer of God) wrote:
> Please ignore (again).  I need this key here to parse some FD archives.
> <?xml version="1.0"?>
> <!--TGP - Thor's Godly Privacy: KeyFob XML Document--> <KeyFobs>
> <KeyFobName>TGP<FobName>PrivateTest</FobName><PublicKey></PublicKey><EncPrivateKey>
> </KeyFobs>
> Timothy "Thor"  Mullen
> Security isn't about thinking outside the box.
> It's about not thinking yourself into it.
> Thor's Microsoft Security 
> Bible<
> dp/1597495727>

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> Hosted and sponsored by Secunia -
