Fidonet Portal






From: August Abolins (2:221/1.58)
To: All
Date: Mon, 01.03.21 22:35
who would fall for this?
Hello All!

It seems like a bad idea to go ahead and fill in the blanks on
this page!

https://www.igolder.com/PGP/decryption/

--
../|ug

--- OpenXP 5.0.49
* Origin: Key ID = 0x5789589B (2:221/1.58)

From: Wilfred van Velzen (2:280/464)
To: All
Date: Tue, 02.03.21 14:37
Re: who would fall for this?
Hi August,

On 2021-03-02 08:33:00, you wrote to Tommi Koivula:

TK>> "enter your private PGP key"... Smile

AA> I was just moving my own keys from one of a pc to my Blackberry
AA> when something interesting occurred to me. First of all, my
AA> opengpg prompted for my existing passphrase *before* it would
AA> E)xport the key. Secondly, even if someone had the key in their
AA> possession, they would need to know the passphrase to use it.

AA> So, it seems that *just* having the private key block (without
AA> also knowing the passphrase) is not very useful to anyone.

Some people save their private key without a password, for easy usage.
Sometimes you "need" to save it without a password when you need to use it from
automated scripts.

And when a key has a simple password, it would be possible to brute force
finding the password...

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

From: Wilfred van Velzen (2:280/464)
To: All
Date: Tue, 02.03.21 17:32
Re: who would fall for this?
Hi August,

On 2021-03-02 09:16:00, you wrote to me:

WvV>> Sometimes you "need" to save it without a
WvV>> password when you need to use it from automated scripts.

AA> Scripting.. never thought of that. But I seem to recall that
AA> there are ways to pass the passphrase via a variable or
AA> something which would be better than having no passphrase at
AA> all.

Yes. But it's more work... People are lazy.

WvV>> And when a key has a simple password, it would be possible
WvV>> to brute force finding the password...

AA> I wish I could remember what I used for:

AA> pub 512R/246249F7 1994-02-16
AA> Fingerprint=BC 1B B6 D5 15 AC F1 D4 F2 B4 0F A2 D6 31 7F 53

AA> I'm pretty sure that's me as "abolins" when you do a key search.

AA> I know that I have the private key stored on a 3.5" diskette -
AA> somewhere. I used pgp to email TODO lists to myself from home
AA> to work and back. I don't think I could brute force the secret
AA> if I tried. It was a modified latvian phrase. The key is what
AA> did I do to tweak the phrase?

Talk to your local NSA office. Maybe they can help? ;-)

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
* Origin: FMail development HQ (2:280/464)

From: Jay Harris (1:229/664)
To: All
Date: Tue, 02.03.21 12:46
Re: who would fall for this?
*** Quoting Wilfred van Velzen from a message to August Abolins ***

WvV> Talk to your local NSA office. Maybe they can help? ;-)

https://www.backblaze.com/blog/wp-content/uploads/2013/10/nsadata.jpg


Jay

... Count Dracula - your Bloody Mary is ready...

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (1:229/664)

ABOUT

This forum contains echomail areas hosted on Nightmare BBS You can browse local echomail areas, italian fidonet areas and a selection of international fidonet areas, reading messages posted by users in Nightmare BBS or even other BBSs all over the world. You can find file areas too (functional to fidonet technology). You can browse echomail areas and download files with no registration, but if you want to write messages in echomail areas, or use fidonet netmail (private messages with fidomet technology), you have to register. Only a minimal set of data is required, functional to echomail and netmail usage (name, password, email); a registration and login with facebook is provided too, to allow easy registration. If you won't follow rules (each echomail areas has its own, regularly posted in the echomail), your account may be suspended;

CONTACT