PGP software pirated

David Shaw dshaw at jabberwocky.com
Mon Jun 11 19:39:59 CEST 2007


On Mon, Jun 11, 2007 at 10:21:16PM +0530, Hardeep Singh wrote:
> Hi All
> 
> Someone gave me a PGP signed message that unlocks the paid version of
> PGP. Just to be sure it worked, I tried it and then uninstalled the
> software (I dont use pirated stuff, GPG is much better for me).
> However, does this mean that someone was able to find the private key
> for the key PGP uses to sign licenses? If that could be found, then
> probably our keys can also be cracked. While I personally find this
> impossible, I want to know how the hackers were able to  give me a
> signed message? Is it possible they tweaked PGP to use their private
> key instead of PGPs and hence PGP is not really broken?

I suspect what you got was either someone elses license file, or
possibly something that patches the PGP code itself to bypass the need
for licensing.

Even if the PGP license key was somehow compromised (which I highly
doubt), it does not follow that "probably our keys can also be
cracked".

David



More information about the Gnupg-users mailing list