Tim May comments on:

At 6:41 PM -0700 10/13/98, Anonymous wrote:

...

Dear BlackNet,

TOTO Enterprises, Bienfait, Saskatchewan hereby offers for sale sog's key under the BlackNet anonymous information market.

Payments must be in anonymous ecash delivered to a digital dead drop to be arranged later.

Or alternatively, we are willing to take bids in bottles of Scotch delivered to TOTO Key Escrow Services, Box 281, Bienfait, Saskatchewan SOC OMO.

I looked up the key this message was encrypted to on one of the keyservers by it's keyid -- 0x5A5AD16B. Look at this: Type Bits/KeyID Date User ID pub 384/5A5AD16B 1994/02/11 *** KEY REVOKED *** BlackNet<nowhere@cyberspace.nil> A revoked key, and a rather small key size, this rings a bell, some of you may recall that some time ago Paul Leyland factored that key. In fact I have the hex version of it on my own web pages somewhere as an example to use with rsa-perl. A quick altavista on "Leyland BlackNet" turns up the goods [1] below. (http://www.irdg.com/mep/nni/384broke.txt)

Hey, I could tell you all that BlackNet was used a while back to distribute some of the keys used by The Performance Artist Sometimes Known as Toto.

Well this message does indeed seem to contain a key for: Type Bits/KeyID Date User ID sec 1024/2541C535 1997/11/07 son of gomez <InfoWar@dev.null> and some claimed passwords for a "carljohn" sympatico account. Curiouser and curiouser. Intentional or not? Intentional I think from the contents, [2]. Adam [1] ====================================================================== ------- Forwarded Message From: pcl@sable.ox.ac.uk (Paul Leyland) Newsgroups: alt.security.pgp,sci.crypt,alt.privacy Subject: The BlackNet 384-bit PGP key has been BROKEN Date: 26 Jun 1995 10:09:15 GMT Organization: Oxford University, England Lines: 165 Message-ID: <PCL.95Jun26110915@sable.ox.ac.uk> NNTP-Posting-Host: sable.ox.ac.uk Xref: mozo.cc.purdue.edu alt.security.pgp:21006 sci.crypt:40008 alt.privacy:225 76 - -----BEGIN PGP SIGNED MESSAGE----- We announce the first known hostile attack on a PGP public key. In 1993, Tim May created BlackNet as a proof-of-concept implementation of an information trading business with cryptographically protected anonymity of the traders. He created a 1024-bit key, and invited potential traders to encrypt their sales pitch and a public key for a reply with the BlackNet key, posting the result in one or more Usenet newsgroups. BlackNet would then reply in the same manner. The original proposal went only to a few people and May acknowledged his authorship shortly afterwards, when his pedagogical point had been made. It was soon posted to the Cypherpunks list, and from there to Usenet. Six months afterwards in February 1994, a 384-bit key was created in the BlackNet name, and the BlackNet message was spammed to hundreds of newsgroups by the new key owner, L. Detweiler. At least one message was posted encrypted in the 384-bit key. The encryptor, either by design or by unwitting use of PGP's encrypttoself option, also encrypted the message to his own key, exposing his identity to anyone who cared to look him up on the key servers and use finger. Factoring 384-bit integers is not too difficult these days. We wanted to see whether it could be done surreptitiously. Jim Gillogly picked the 384-bit BlackNet key as a suitable target, partly because of its apparent interest and partly because he had saved a copy of the reply. Paul Leyland took the key to pieces. The public exponent was found to be 17 and the public modulus: 3193508200533105601431099148202479609827976414818808019973596061739243\ 9454375249389462927646908605384634672078311787 To factor this 116-digit integer, we used the same technology as the RSA-129 project which completed last year. That computation was so large that it was necessary for it to be done in a blaze of publicity in order to attract enough resources. Ours, we estimated, would take about 400 mips-years, less than a tenth of the earlier one. Arjen Lenstra and Paul Leyland have been factoring integers for years, Lenstra with a MasPar at Bellcore and Leyland with a dozen or so workstations at Oxford University. Alec Muffett has been contributing to factorizations for almost a year, using forty or so machines outside working hours at Sun Microsystems UK. Jim Gillogly threw a couple of machines into the pot, for a total peak power of around 1300 mips, plus the MasPar. The computation began on March 21st on the workstations and continued until June 23rd. Lenstra slipped in three weeks runtime on the MasPar between other factorizations; he also performed the matrix elimination and emailed the factors (PGP-encrypted) to Leyland. About 50% of the computation was done by the MasPar. The factors, as can easily be checked, are: 5339087830436043471661182603767776462059952694953696338283 and 5981374163444491764200506406323036446616491946408786956289 Over in Oxford, a doctored PGP was created. It could generate only one secret key, that from two primes hard-coded into it. The key was generated and tested on the following message:

-----BEGIN PGP MESSAGE----- Version: 2.6

hDwDqeLyyFpa0WsBAYCumTBz0ZUBL7wC8pMXS4mBS0m3Cf6PrPer+2A0EQXJZM46 OvPnqNWz5QK3Lwyg9DeEqAPF5jH/anmgXQEE3RNhybQUcqnOSVGMO2f5hjltI73L 8CRXhFzMCgjdCwTRf0Oq61j4RAptUviqhDq/r7J2FpY7GwpL5DxuJ+YrWNep69LK Q/CkKxtwvv2f0taly4HCLCcqw59GQ5m++WnOwDQWKG7yUaXJuUG/mJdr/o+ia3y+ QKyqOesHdSjWoXDpK7F2Cvxf2KpV3+vzbv+TriRyDV+zR/8womdJl6YAAAKtmWO2 fy0sp/cqr/1ZGQKmfZWz5L0bh1e/sJXJq9PjvPc05ePxZ35XEoRTCqxbq2GPynkH YSynfXZY//814TKmdQxPBvkc8Nbi0rc/GYyoAmItDui4mQISYskGkmLieoWDDlpP E9tZlb/7Xa22QS53Or6DwU/y226WXQvrWq5OJ+8OhQyEnLWsEdfgFoe1l9aeweX5 0ao5lcp098Q4JFfQWoaU9D7kmKvg+AVT44Pv16/nPvihAoC2O14xg7t1U8032ybs 4FLpvxyqoF7+oDV/QNw4Evk1ZnxE5+PH2sOf1qCJdljVSd3wGSfUQaDPRx5RH0XC SAgYMsIRaytpdoq521tHUZt2BIg7Ii89TfUBrnkenBFAqdZAf+JR1PSB4yaV3YtG PCS4lNQkmWx+ItjP0zsHVcAR0TiBcpV0gMY+tx0h40CTkDi2vHiVyswSJr4halsW SIixrdi6B0i3f7v7xlOpFI2khza1c/dH8nrF1uPLECeAZ8TQq53ZlyN472KYuTVZ 8y5NqyXd672dYEtzsOlUa9YwFKKyGisyDhZmE5wSOg2Pjopvl0WkuZSR/kdxrX/N hFdfXRy1Kgkr+vz9abumhcWS5lYCCfVLk/CIgRqHO09nlEJCTb1T/U788Gptr3/d 3dj8C/LECdY7fIdkmTgYhXmfv7fQxLWln29Yux0cEpRq2ud8rjYVSuEaTUO9dF4n 9oFRsPdbb0TOxaMVFm2hnELzeKAk/poInfEZkN2ZnusxJ4aM1HkBRva+CAMhQHdT XMisoNawWEDPwiwu91owIrBevPJNvX155jUTwKNj0UPBwS6TfS5gXl9g+LoBnMWQ nbMMMYVXbJVsAeVOlzTSBftpbglx1k7ocDaAJTZ3OCjf0FcKJsa+4Hybc713611c WSHV5esfY9k/yw== =nLfz -----END PGP MESSAGE-----

A successful decryption resulted in:

Although I realize blacknet was a hoax of some sort, I'm curious as to the reasons behind it and I would like to know the motives of the person who did it, malicious to make fun of cypher punks or simply poking fun at cyberspace in general. I'm interested in forming a similar net, not for the buying and selling of information, but for the fun of doing it, who knows what might come about in a network somewhat limited and away from the internet, but based on pgp without people flaming, and without the netloons like dwetler and sternlight, (I have my doubts about dwetler's actual motives in spamming the mailers) SO, hopefully they key I encrypt it to is the actual one, and if not hopefully whoever is intercepting this is as interested in creating what I am, why else be eaves dropping?? Looking forward to hearing from whoever out there, and I hope you're competent enough with unix to extract my pgp key from my .plan

-- Finger yusuf921@raven.csrv.uidaho.edu for PGP public key 2.6ui GJ/GP -d+ H+ g? au0 a- w+++ v+(?)(*) C++++ U++1/2 N++++ M-- -po+ Y+++ - t++ 5-- j++ R b+++ D+ B--- e+(*) u** h* r+++ y?

The next step was to create a revocation certificate and send that off to the PGP key servers. After all, the key has undoubtedly been compromised. The moral of this story is that 384-bit keys can be broken by a small team of people working in secret and with modest resources. Lest anyone object that a MasPar is not a modest resource, we'd re-iterate that it did only 50% of the work; that we took only three months and that we used only 50 or so quite ordinary workstations. We believe that we could have used at least twice as many machines for at least twice as long without anyone noticing. The currently minimum recommended key size, 512 bits, is safe from the likes of us for the time being, but we should be able to break them within five years or so. Organizations with more than "modest resources" can almost certainly break 512-bit keys in secret right now. Alec Muffett alec.muffett@uk.sun.com Paul Leyland pcl@oucs.ox.ac.uk Arjen Lenstra lenstra@bellcore.com Jim Gillogly jim@acm.org and, of course, BlackNet<nowhere@cyberspace.nil> 8-) P.S. The 384-bit BlackNet secret key is:

-----BEGIN PGP MESSAGE----- Version: 2.6.2i

lQDAAy/ty1QAAAEBgM98haqmu+pqkoqkr95iMmBTNgb+iL54kUJCoBSOrT0Rqsmz KHcVaQ+p4vLIWlrRawAFEQABfAw0gFVVGhzZF63Nc8HJin4jAy2WgIOsvST5ne1Y CbfyDIZ6siTHUAos8wMBQZ6Q8QDA2b6tiYqrGu6E1+F0DGPSk9MGif5/LKFrAMDz 8HXIK1zrEFEDq9/5dUXO2rk1tH+mkAEAv0EE9e5EJn+quL3/YvAg6bKOlM7HgVKq JEDDtCBCbGFja05ldDxub3doZXJlQGN5YmVyc3BhY2UubmlsPg== =/BEI -----END PGP MESSAGE-----

- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBL+6HEzt/x7zOdmsfAQGRpQP9FZluArrT5+zsG/R6y/MF7O3d7ArEkVe2 rUQgP7W2NxudAFHTNaL9mqLBDVNW/3PqWIhvHMtrSgG+ZAFBH5bP03tizfOFr+SL eO1JQgYFey7Wh5J/YCuE0VTlYMZ7bhnoiGIvTYZgxIzVWAYyGmlWKRDjfKz/Pks8 qavbPg6qbPo= =s12J - -----END PGP SIGNATURE----- - -- Paul Leyland <pcl@sable.ox.ac.uk> | Hanging on in quiet desperation is Oxford University Computing Services | the English way. 13 Banbury Road, Oxford, OX2 6NN, UK | The time is gone, the song is over. Tel: +44-1865-273200 Fax: 273275 | Thought I'd something more to say. Finger pcl@sable.ox.ac.uk for PGP key | ------- End of forwarded message ------- [2] ====================================================================== ATTN: Jeff Gordon As a bonus PRIZE for people figuring this out, here's Toto's sympatico username and password: username: carljohn password: 574kxy SMTP: smtp.sk.sympatico.ca POP3: mailhost.sk.sympatico.ca POP3 username: carljohn I sent much of my outgoing mail through CJ's system because he had so many hackers and system intruders that he was a one-man 'Crowds' unit. Toto -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzRiaHcAAAEEAPdnnUJRJoktl6tMtRcrV330FvNPok4FvTMOT82V0lIRA7ZQ jiAcv4Egm8nx6M6dc75eWIIPo4gZOWf5xjZzN8XjD2ytwMNqQnis0RMN9OI8ysk2 I7frJO0FNLikupHf+tUMhDc52qQbOcsVC53GZ8FdwY1zzaX7Dc5WpAclQcU1AAUR tB9zb24gb2YgZ29tZXogPEluZm9XYXJAZGV2Lm51bGw+iQCVAwUQNGJph85WpAcl QcU1AQFXPQQA8adaDwM3DnttrJPTjUd9I/fQ6q73Zvp6oLPP3MSon4uEbIVJryPB wZYfcjXb6Co84XFpaL8shtgP0cHYRZDfQraCwsaJWOm1Lh+ZhZyqHh2oF4QrpOhm A5YzxYI7SX3GIu/X1XO5vcb+BnJqbl2+RUaHnGqcwwrwxjSc1stGwJ4= =Yx4A -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SECRET KEY BLOCK----- Version: 2.6.2 lQHgAzRiaHcAAAEEAPdnnUJRJoktl6tMtRcrV330FvNPok4FvTMOT82V0lIRA7ZQ jiAcv4Egm8nx6M6dc75eWIIPo4gZOWf5xjZzN8XjD2ytwMNqQnis0RMN9OI8ysk2 I7frJO0FNLikupHf+tUMhDc52qQbOcsVC53GZ8FdwY1zzaX7Dc5WpAclQcU1AAUR AUzSerlWWdq7A/+EGrDs3oHlVDzmPEouO2m1gWLN6erKPgd5tiB7eWECJoiRC9AU Va2LJLxltmNKIq9znAMeeCpI3nirprYgHMvyASVPrXIo4WXB0NGSyTXSGFbmbfBA ZhIzgLYfSV7KC9e340B4wqQv/hSGyc9p7/umXgdccspoXM4fIwddYNt0+QIA+XS0 WUPNqr4lyW47GVAhFIuoYsTLi+ZTRRQbS2LAyV2dhGSFVo1Q1HrB/S58dQFTaN85 lRytpZKX2dc+9VC3JgIATZegUu3m2FmRMf7kr0IsRV94q0lxQm4egMPdru6CQGZl G7K9uGX/d/Rbtd0iP7aZ1iNDpgSakmNl5o3aYupCdQIAir0t68n1g91DzWwOMJKF 7E9fmQ21a7a2rDGk+5SV9nw3PxGwx/64CPHriDQz/ItYLPZKpHVLysuFGavYUFX/ 26JZtB9zb24gb2YgZ29tZXogPEluZm9XYXJAZGV2Lm51bGw+ =yYBi -----END PGP SECRET KEY BLOCK-----

Wew. The Son Of Gomez key I just decrypted and posted... it's not just _any_ Toto key, it's _the_ key. The 0x2541C535 one, the one that signed the message in question. Try it out. [1] the message, [2] the keys. (http://www.well.com/user/declan/toto/toto.pgp.120997.txt) (Subject line in archives was "Encrypted InterNet DEATH THREAT!!!"). Implications? Others had CJs keys? Toto is someone other than CJ? Adam [1] ====================================================================== -----BEGIN PGP SIGNED MESSAGE----- "Contrary to one famous philosopher, you're saying the medium is not the message," Judge Thomas Nelson said, alluding to the media theorist Marshall McLuhan. http://www.nytimes.com/library/cyber/week/120997encrypt-bernstein.html Bullshit! The bits and bytes of email encryption are a clear message that I wish to exercise my right to speak freely, without those who wish to do me harm invading my privacy. The death of strong encryption on the InterNet will be the global death of free speech on the InterNet. Accordingly, I feel it is necessary to make a stand and declare that I stand ready and willing to fight to the death against anyone who takes it upon themselves to try to imprison me behind an ElectroMagnetic Curtain. This includes the Ninth Distric Court judges, if they come to the conclusion that the government that they represent needs to electronically imprison their citizens 'for their own safety.' The problem: Criminals with a simple encryption program can scramble their data beyond even the government's ability to read it. http://www.zdnet.com/zdnn/content/zdnn/1208/261695.html Fuck the lame LEA pricks who whine about not being able to stop someone bringing in a planeload of drugs without being able to invade the privacy of every person on the face of the earth. Am I supposed to believe that I have knowledge of when and where major drug shipments are taking place, simply by virtue of hanging out as a musician, yet the LEA's are incapable of finding out the same information by being competent in their profession? Barf City... [I will shortly provide information for any LEA which wishes to prosecute me for my coming 'physical' death threat, on how to hunt me down like the filthy dog that I am.] "Why are you saying that the fact that [encryption] is functional takes it out of the First Amendment context?" Myron Bright, one of the judges, asked the Justice Department attorney, who was still in mid-sentence. He answered that the regulations were not aimed at suppressing speech, but only at the physical capacity of encryption to thwart government intelligence gathering. The Spanish language has the same "physical capacity." So does (:>), (;[), and {;-|). Likewise, BTW, FWIW, FYI, and my own personal favorite, YMMV (You Make Me Vomit? --or-- Your Mileage May Vary?). <-- Ambidextrous encryption. An-cay e-way pect-exay ig-pay atin-lay usts-bay of ildren-chay? Whispering also has the "physical capacity" to "thwart government intelligence gathering." When does the bullshit stop? When do we stop making the use of the Spanish language over the InterNet illegal? When do we stop making whispering, pig-latin, anagrams and acronyms illegal? When do we stop saying that our government is such a piece of crap that it is a danger to let its citizens communicate freely, in private, and share their private thoughts with one another? At one point Fletcher called the government's case "puzzling." http://www.news.com/News/Item/0,4,17114,00.html Only because her mom taught her that it was unladylike to say "Bullshit!" In arguments Monday, a Justice Department lawyer, Scott McIntosh, said the government's intent was to preserve the ability of intelligence agencies to eavesdrop on foreign governments and citizens. http://www.nytimes.com/library/cyber/week/120997encrypt-bernstein.html Let's see if I have this right... The U.S. government needs to destroy the right to free speech and right to privacy of its own citizens in order to infringe upon the human rights of the governments and citizens of other countries? Countries which already have strong encryption? Countries like Red China, which is currently engaged in encryption research with an American company who got permission to export much more diverse encryption material (after making a huge campaign donation to the Whitehouse) than Professor Bernstein will ever likely share with others? Apologies to Judge Fletcher, but that's not "puzzling." That's the same-old-same-old Bullshit! OFFICIAL 'PHYSICAL' DEATH THREAT!!! The pen is mightier than the sword. Thus, I prefer to wage my 'war to the death' against those who would stomp on my basic human rights *"in the interests of National Security"* with my electronic pen, on the InterNet, using encryption when I have reason to fear persecution by Facist, Nazi motherfuckers. [* ~~ TruthMonger Vernacular Translation ~~ "so that the government can maintain its authority over the citizens by use of force and violation of human rights, rather than going to all of the trouble of acting in a manner that will garner the citizens' respect."] I will continue to express my thoughts through the words I send electronically over the InterNet, both publically and privately. I will fight to the bandwidth death against anyone who wants to deny me my right to express my opinions and access the opinions of those who also wish to express their own opinions and share their true thoughts with their fellow humans. If the ElectronicMagnetic Curtain slams down around me, then I will have no choice but to continue my current fight in MeatSpace. And I am not alone... I will share the same 'DEATH THREAT!!!' with Judges Fletcher, Nelson and Bright that I have shared with the President and a host of Congressional and Senatorial representatives: "You can fuck some of the people all of the time, and all of the people some of the time, but you are going to end up in a body bag or a pine box before you manage to fuck all of the people all of the time." Am *I* going to whack you out? Maybe... I would prefer just dumping some tea in Boston Harbor, if that will get my message across in MeatSpace, but if it won't, then I guess I will have to take stronger action. There are undoubtedly a plethora of LEA's ready and willing to prosecute and imprison me for agreeing with Patrick Henry, who said, "Give me liberty, or give me death." The irony, of course, is that I do not pose a great danger to anyone but myself as long as I continue to have my human rights and my liberty unthreatened. The chances of me actually getting off of my fat butt and going out into the real world to whack out the enemies of freedom are probably pretty small (unless I run out of cigarettes and beer, and wouldn't have to make an extra trip). I fully understand that this does not lessen the potential of any LEA who gets a wild hair up their butt to throw a mountain of taxpayer resources into prosecuting me and imprisoning me for their own professional/political gain. However, if you are performing actions so outrageously against basic human rights and freedoms as to get me off of my lazy ass, then I am the least of your problems, because there undoubtedly are millions of people more functional than myself (who get out of the house and go further than the liquor store) who are less willing than myself to put up with increasingly heavy chains placed around their hands and feet 'in the interests of national security.' Feel free to have the Federales break down my door and imprison me for pointing out the obvious. After all, I fit the profile of a domestic terrorist--I quote the Constitution and the Bill of Rights, and I speak out against increasingly big government. But remember...it's the quiet ones you've got to watch... If you force everyone to 'be quiet', then you've got a world of trouble on your hands. Sincerly, John Gilmore <gnu@toad.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~ p.s. NOTICE TO LEA AGENTS IN NEED OF A CAREER BOOST! Yes, I'm just a troublemaking asshole, trying to get John <spit> Gilmore <fart> in trouble. However, if you want to go to the trouble of tracking me down, I will give you some hints, since it seems likely that anyone who has trouble finding a ton of cocaine at an airport might not be competent in CyberSpace, either. You might want to check with the Webmasters at the sites quoted above to see who has accessed their web sites this morning. The anonymous remailer I will be using is an open secret to CypherPunks around the world as a really bad attempt at disguising my true MeatSpace identity. This alone ought to be enough for some aggressive young LEA and/or federal prosecutor to earn themself some brownie-points, since I am a sorry enough son-of-a-bitch that they would not have much trouble convicting me in front of a jury of 'their' peers, assuming that they can make certain that I am not tried by a jury of my own peers. Bonus Points: I can also be tied into Jim Bell's Worldwide Conspiracy to assassinate government authorities, through my implementation of an Assassination Bot. (I am willing to 'rat out' Jim for two bottles of Scotch. If he is willing to rat _me_ out for less, then I guess it's just my hard luck, eh? <--that's another hint!) p.p.s. You can also charge me with use of 'conventional' encryption in the commission of a crime. Must be your lucky fucking day, eh? -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNI24Hs5WpAclQcU1AQFaggP8CPTVy8EAY3JbIG94frc3C70MW0hUznmp fRgBrq7m5tLGjX7fh3/s4fpTnQi+xUvRUroFETlR6KhM3srSy456wovpFlcLp7uc xk31cRPEroFhO9NRVBUjzToCj78iDvdGm9QXUwLctbbohpdId/KKLTAUM6//4mCB i/9oezfegWc= =4/6E -----END PGP SIGNATURE----- [2] ====================================================================== -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzRiaHcAAAEEAPdnnUJRJoktl6tMtRcrV330FvNPok4FvTMOT82V0lIRA7ZQ jiAcv4Egm8nx6M6dc75eWIIPo4gZOWf5xjZzN8XjD2ytwMNqQnis0RMN9OI8ysk2 I7frJO0FNLikupHf+tUMhDc52qQbOcsVC53GZ8FdwY1zzaX7Dc5WpAclQcU1AAUR tB9zb24gb2YgZ29tZXogPEluZm9XYXJAZGV2Lm51bGw+iQCVAwUQNGJph85WpAcl QcU1AQFXPQQA8adaDwM3DnttrJPTjUd9I/fQ6q73Zvp6oLPP3MSon4uEbIVJryPB wZYfcjXb6Co84XFpaL8shtgP0cHYRZDfQraCwsaJWOm1Lh+ZhZyqHh2oF4QrpOhm A5YzxYI7SX3GIu/X1XO5vcb+BnJqbl2+RUaHnGqcwwrwxjSc1stGwJ4= =Yx4A -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SECRET KEY BLOCK----- Version: 2.6.2 lQHgAzRiaHcAAAEEAPdnnUJRJoktl6tMtRcrV330FvNPok4FvTMOT82V0lIRA7ZQ jiAcv4Egm8nx6M6dc75eWIIPo4gZOWf5xjZzN8XjD2ytwMNqQnis0RMN9OI8ysk2 I7frJO0FNLikupHf+tUMhDc52qQbOcsVC53GZ8FdwY1zzaX7Dc5WpAclQcU1AAUR AUzSerlWWdq7A/+EGrDs3oHlVDzmPEouO2m1gWLN6erKPgd5tiB7eWECJoiRC9AU Va2LJLxltmNKIq9znAMeeCpI3nirprYgHMvyASVPrXIo4WXB0NGSyTXSGFbmbfBA ZhIzgLYfSV7KC9e340B4wqQv/hSGyc9p7/umXgdccspoXM4fIwddYNt0+QIA+XS0 WUPNqr4lyW47GVAhFIuoYsTLi+ZTRRQbS2LAyV2dhGSFVo1Q1HrB/S58dQFTaN85 lRytpZKX2dc+9VC3JgIATZegUu3m2FmRMf7kr0IsRV94q0lxQm4egMPdru6CQGZl G7K9uGX/d/Rbtd0iP7aZ1iNDpgSakmNl5o3aYupCdQIAir0t68n1g91DzWwOMJKF 7E9fmQ21a7a2rDGk+5SV9nw3PxGwx/64CPHriDQz/ItYLPZKpHVLysuFGavYUFX/ 26JZtB9zb24gb2YgZ29tZXogPEluZm9XYXJAZGV2Lm51bGw+ =yYBi -----END PGP SECRET KEY BLOCK-----

Martin Minow <minow@pobox.com> writes:

Adam Back <aba@dcs.ex.ac.uk> notes that the "Toto death thread" posting was signed using the "son of Gomer" Blacknet key that was broken by Paul Leyland (read through the past few days of the archives to get the context).

Note the `son of gomez' key was _encrypted with_ the Blacknet key. Toto/anonymous was submitting his information for sale to Blacknet, so he used a `digital dead drop' -- encrypted with Blacknet's key and posted in a public place (cypherpunks), however he (it appears intentionally) used the weak 384 bit Blacknet key which Paul Leyland's announce claims was created by Larry Detweiler. Also note that Paul Leyland (and Alec Muffett, Arjen Lenstra, Jim Gillogly) factored that key a _long_ time ago, Jun 1995 (see the Date on the attachment of the announce to one of my earlier posts.) Perhaps you understood that, but what you wrote (son of Gomer Blacknet key?) was confusing.

Adam notes: "Implications? Others had CJs keys? Toto is someone other than CJ?"

One other implication to consider: you might be able to attain semi-deniability by siging a message with a key that is breakable by an adversity with govermental resources (to use an euphamism) but not by an ordinary, presumably less motivated, cracker.

This is similar to the time-delay crypto proposals made by Tim May and more lately David Wagner, (and some other authors who I forget, I think Schneier). One of the time-delay crypto protocols is to encrypt the information one wants to a time-delayed release of with weak encryption requiring the approximate amount of time you wish to delay to break. 'Course it doesn't work in general because it depends entirely on the resources of the attacker. Really you need a third party to publish private keys at delayed intervals. But for your suggested applicatoin -- plausible deniability for `speaking truth to kings' -- it works fine, because that's the point, plausible deniability against well resourced attackers (you are in trouble if well resourced attackers are interested in you anyway), but some value to the signature for low resourced attackers. Other ways to provide plausible deniability is to not sign public posts, and to use non-transferable signatures for private email. Adam