[Fwd: Czech attack to PGP]
Charles Lindsey
Charles Lindsey <chl at clw.cs.man.ac.uk>
Fri, 23 Mar 2001 10:06:13 +0000 (GMT)
On Thu, 22 Mar 2001 20:27:10 +0000
Ben Laurie <ben@algroup.co.uk> said...
.... Description of Czech attack.
Try the following for size.
1. Plod seizes your computer under a legitimate warrant, thereby
acquiring your private key.
2. He demands that you provide the passphrase under a RIPA notice.
3. You refuse, on the grounds that this is a signature only key.
4. Plod does not believe you, but he cannot prove it is not signature
only. But he desperately needs your passphrase (for whatever reason).
So he invites you to "demonstrate this is a signature key" by signing
something with it.
5. You are only too happy to oblige. Anything to get you off the hook.
But "Please Mr Plod, you have got the only copy of my private key, so I
will need to have it back in order to do the demo".
6. "Certainly" says Plod. "Here is a copy of it on this floppy disc"
(but of course it isn't - it has been Czeched). So you sign his test
document (your passphrase and key appear to work correctly) and give it
back to Plod.
7. Plod now has your private key.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
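
Step 6 above depends on the signer handing back a signature without checking it. As an added example (not part of the original message and not PGP's own code), this toy RSA-CRT signer verifies each signature against a public key held independently of the returned key file before releasing it. The small constructed key, the one-bit change standing in for the altered key file, and all function names are assumptions.

```python
# Added example: toy textbook RSA-CRT, no padding; every value is constructed.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537   # two Mersenne primes as a toy key
N = P * Q                               # public modulus, kept apart from the key file


def load_key(p, q):
    """Derive the CRT private values a signer would read from a key file."""
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"p": p, "q": q, "dp": d % (p - 1), "dq": d % (q - 1),
            "qinv": pow(q, -1, p)}


def sign_crt(key, m):
    """Textbook RSA-CRT signing; trusts whatever values the key file held."""
    sp = pow(m, key["dp"], key["p"])
    sq = pow(m, key["dq"], key["q"])
    h = (key["qinv"] * (sp - sq)) % key["p"]
    return sq + h * key["q"]


def verify(m, s):
    """Check against the trusted public key (N, E), not the returned file."""
    return pow(s, E, N) == m % N


def safe_sign(key, m):
    """Release a signature only if it verifies; otherwise withhold it."""
    s = sign_crt(key, m)
    if not verify(m, s):
        raise ValueError("signature failed self-check: key file may be altered")
    return s


def demo():
    m = 123456789                              # constructed message value
    good = load_key(P, Q)
    tampered = dict(good, dq=good["dq"] ^ 1)   # one flipped bit models the altered file
    released = safe_sign(good, m)
    try:
        safe_sign(tampered, m)
        refused = False
    except ValueError:
        refused = True
    return verify(m, released), refused
```

The signing step completes without error on the altered key, which is why the key "appears to work"; only the verification against the separately held public key shows the difference.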