[Fwd: Czech attack to PGP]
Owen Blacker
owen.blacker at wheel.co.uk
Fri, 23 Mar 2001 12:20:24 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bugger! That's sneaky... :o)
> -----Original Message-----
> From: Charles Lindsey
> Sent: Friday, March 23, 2001 10:06 AM
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: [Fwd: Czech attack to PGP]
>
>
> .... Description of Czech attack.
>
> Try the following for size.
>
> 1. Plod seizes your computer under a legitimate warrant, thereby
> acquiring your private key.
>
> 2. He demands that you provide the passphrase under a RIPA notice.
>
> 3. You refuse, on the grounds that this is a signature only key.
>
> 4. Plod does not believe you, but he cannot prove it is not
> signature only. But he desperately needs your passphrase (for
> whatever reason). So he invites you to "demonstrate this is a
> signature key" by signing something with it.
>
> 5. You are only too happy to oblige. Anything to get you off the
> hook. But "Please Mr Plod, you have got the only copy of my
> private key, so I will need to have it back in order to do the
> demo".
>
> 6. "Certainly" says Plod. "Here is a copy of it on this floppy
> disc" (but of course it isn't - it has been Czeched). So you sign
> his test document (your passphrase and key appear to work
> correctly) and give it back to Plod.
>
> 7. Plod now has your private key.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
Comment: Due to RIP, pls check for revocation before using this key!
iQA/AwUBOrs/ZVVeQSYAA2h0EQKj4gCg+jabSW5a26qUSvLjVLCQclvQWc4AnRDt
GkhCNEuzY9ygnklY1tCrZWEu
=bM+K
-----END PGP SIGNATURE-----
_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/