Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC

New Message Reply About this list Date view Thread view Subject view Author view

Ryan Lackey (ryan@systemics.ai)
Sat, 2 Jan 1999 20:04:28 -0400


[Sorry for being off topic on CodherPlunks, but I figured some people might
try to email me, and it would be annoying trying to get...]

[mailed to myself, cc:'d to a few lists, bcc:'d to more people]

To whom it may concern:

My laptop HDD, which was the only place in the world my PGP key 0xFBAF5E44
was stored, appears to have died at 0xFBAF5E44, taking the key with it. Due
to the presence of confidential data on that drive, I do not think it will
be data recovered, at least not quickly. The drive itself is not long for
this world; some appropriate death will befall it as soon as I can come up
with a suitable implement of destruction.

I have full backups for the drive; if we wait long enough, it might be
possible to brute-force the 4096 bit public key, or more likely the
168 bit 3DES cipher they're encrypted under. I'm not holding my
breath :)

I had a key revocation certificate on a floppy, but it has been lost
sometime in the past few months.

I was in the process of doing a secret-split key backup system for the
key, but the drive died before I could distribute the pieces, and thus this
is irrelevant. Yes, not having backups is bad, but it was a better choice
than having insecure backups.

To be positive, this is a chance to upgrade to GNU Privacy Guard. For more
info on GPG, check out http://www.d.shuttle.de/isil/gnupg/

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v0.4.4 (GNU/Linux)
Comment: For info finger gcrypt@ftp.guug.de

mQGiBDaOqZwRBACwgBllWGbnDzwk7dObkzfUASriXK9ahNBI8rgpqXf2e1VSE7jE
hbA0GutxdnF+JqnpD5ckpNayphpLwNAVUuO0O3sRFUGRMeJZWaGXIWs66IkHztcj
STSWyK76brkRffbrHlIUpzC+Wyu85NQnA4hwTDMHsiDRtv2LhAHGyN2A5wCgwZgD
DXNEDYd1XO+xztO4LBYPZcED/0D6h/aP/ur4HuzaihjPQA1ANbdBLHTj2WGXDZgj
Bvhs1plPyTwlHj7LS+sMfijfXghnjZ1tPQ/XD9zKBGDbM/nbdtH7lWkKpUXYNh+S
nz8rf1kBM3Y12QgLoc21Fos2SJWnzNBtRFtite930yNoBk33In1K3lFfQ6288VA0
iCREA/9hLAwr4lZEFX22ZZNr+4ZNduVhHNffAFkRV/ETlHmEGKmzlHfWpx7/bFC9
esIkpMHunAG0ZQpTLDIyTma/zcewmhsU0inNI54Ryf7H0ruJcDek4yBlQ3fpegyG
wX/j9T3yoJwvpd0a/Yr0VJBJdxwrVsKXkhVqM4iaIIQRs0x2nLQzUnlhbiBMYWNr
ZXkgKFByb3Zpc2lvbmFsIEdQRyBLZXkpIDxyeWFuQHZlbm9uYS5jb20+iFcEExEC
ABcFAjaOqZwDCwQDBRUDAgYBAxYCAQIXgAAKCRCj6AKy+CcaiqWlAJ94B2dUB8P0
KgIWQQYYCZsroSMRqQCeMWfHdwjmXyBd7e1YObPnY/ZBtMS5BA0ENo6qzhAQAJki
MqJKmPL3eOtQn4CaTir/u9ymQFhLsyvarQqfOMvvxoMNDal+jpdygKaqUqx+JyLk
VelK4DZt4QkpcvGQcZjNHLHUUuwwNSFricVtxQGM4OMuNG0aNvxDTOhIPuQVH5xp
s4esRNetHHiO2d8Cn5h0XRRplZBrElGFbZxzq6/5UzrFcQa+hh+OP7JORdnWqP3k
d+skc2rHZR+6ue6JTURqh3FM9dZVYxlZH8NMHzP6BrruU0Bg0SMop+kvBO4XhPg0
gkhFC6iZkKCKMtOuSrB9uwvmcrRdTbAsOpVgB3gxTVwHo/jnufL3G+hvc3erdC2O
oPnAx7RzuVTAOc3IIE/8Ea6LpJKYDExCgoeZL92bUF+fS+/Twjp70d6jLrgkhIEG
ZrkEWbYXQT8qUv4+Hnp4wsVM2xrkVjzBDEeem6w/fFFuRUMRmreThoyxgFM2hvdP
kDxXO+RurKVUkzviHSZ0GfFbUPQN2/hZRVafBB06O2dX6VGA9tU8WGT1LpOW9COl
faRAz6ktBimXiCR2VLaal8Jdu39QAenaNuGx/El/btSzc2HqIiq5sXFF37+/fF7j
IaZmRtWBpSfQDmMfhtAUdnyop4hJgk3b/AL/0W6an1keSnxb5f7PfgJwfbS0l6QK
JWWnNqPOjYCSrVpEmmi59Tq+JB/LXQ7dOsKAXUAHAAMFD/wMhfCRk9RDHUMjAZw/
4DA0uceBRoQ2a/vK/0U0GCx7HYX1GmSUlZM28M87778jpBEf/fzHwAoHiaO6kFM9
pfcL8bzTL0WWVKBUamKqwzDVXbbgPAzKVIx4HPwhgZcQ/fFj6cYEGc3g06lM/Es5
qVwom/gKCW6kRKtdcVzlydMBdUtkpxTjQ+YMgP0lmFTx8DpWwu8pMU6zpt7jOEwX
RUAb8EfQp5ah2lmnnikxhFjXh56JQE65eAw+WpKmZOM/6bm9it6Go6VL1fKy2BE8
D/u44lvkiFN80fPK5DiZALk27qDRdt8FbhwSQcNx5NnqSZdx+24gtfu2xsohIH+y
fn1Xa/xoYHreLTV+Oi9sRufMBXI2yLO4Azh05iCipwg4ZZR6q1voxn5QkaeMSb4o
RRNPFBIPc7HqSSWiSt3aLkZxc9agZ+Ni15SZxncGY4ySZm/2BPO/ZXM2j55GW9hh
HspFPIQotF4YpQ3LaSZ2yRIvfGKSxGP4xqiLiLLVZFEICORXXl6NIkrur1fUn7Bn
GxaWQ/o26Mv45bJfHd/w5qReEMlauKkZlu6UBrDdTE0H3DegI7jllgEJwxQNKN9+
VyWWCHCdYDdw+rMiH1JHrT7BWSeo368weFZb77M7J9k2k2Q4DzJhfbyy053K+QC+
L5I9nysHn+yuubitbPtEssHyhohGBBgRAgAGBQI2jqrOAAoJEKPoArL4JxqKCWUA
n362YEDqTXEN1PFfbpjCpnazVM5oAJ9uDIQmUbu0aQLI3sSFim+6hztwHA==
=wEhU
-----END PGP PUBLIC KEY BLOCK-----

Abstract commentary on security:

Presumably, on receiving a message like this, you would discount it. Perhaps
even send mail to the old key asking what's up. There really is little
way of bootstrapping trust from one key to another if the key didn't
respond.

One way is to publicly ask that anyone with a copy of the PGP 5.0i private key
"0xFBAF5E44" respond publicly to this if it disagrees. Mail to cypherpunks,
or whevever else. Take out an ad in the New York Times. If this is a
conspiracy against you, it is pretty easy to derail, unless of course you're
dead or arrested or whatever.

You could try multiple forms of communication: email (ryan@venona.com,
ryan@systemics.ai rdl@mit.edu, whatever), phone (264 497 5090), visiting in
Anguilla at fc99, or whatever. You could try contacting those who signed
my key previously (which is still on keyservers): Ian Grigg, Lucky Green.

Whatever you find appropriate, go for it. My hope is that by handling this
somewhat publicly and promptly it will not be as if there is a lingering
conspiracy theory that I was replaced by <insert evil empire of choice>.

Cheers,
Ryan Lackey
rdl@mit.edu
ryan@systemics.ai
ryan@venona.com
ryan@venona.org
ryan@venona.net
264 497 5090


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:01