[Enigmail] Popescu and keys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu May 21 18:23:20 CEST 2015


On Wed 2015-05-20 20:13:32 -0400, Robert J. Hansen wrote:
> In the last couple of days a few different people have pointed me to
> Mircea Popescu's blog, where he's claimed he's broken ~150 keys that are
> in common circulation among the keyservers.

At least one of the keys he claimed to have broken is a degraded copy of
one of H. Peter Anvin's actual subkeys, as Hanno Böck pointed out here:

 https://blog.hboeck.de/archives/872-About-the-supposed-factoring-of-a-4096-bit-RSA-key.html

To my knowledge, Mircea (cc'ed here) has not retracted this particular
claim, despite having issued at least three updates to his initial
report about this key (which is not behind a paywall at the moment):

   http://trilema.com/2015/full-disclosure-4096-rsa-key-in-the-strongset-factored/

> Unfortunately, his blog post is rather difficult to read: it's full of
> rude political asides that have no bearing on anything cryptological.
> I regret that, because it obscures what I think is a fascinating
> question: has he actually managed to recover private keys given just
> the public key?
>
> He claims to already have broken my key.  If so, proving it is
> straightforward: sign a 256-bit value with my private key and upload it
> somewhere the world can see it.
>
> I'm going to be fascinated by the results, one way or another.  If he
> can successfully do this it's going to lead to a lot of very interesting
> questions.
>
> For those people who are concerned about this, relax and remember to
> breathe.  :)
>
> The 256-bit value, in base64 encoding:
>
> 	* anr8HIZZ1hRjeaXDxJ71qBNpw5s9r+42CqF+Bpk9vU4=

Which key does he claim to have broken?  If Mircea has broken your
encryption-capable subkey (0xB8A6B74C001892C2) then he might only be
able to decrypt messages sent to you, but not sign them.

To provide him with an opportunity to demonstrate this (Hi Mircea!),
i've produced this message, encrypted to rjh's encryption-capable
subkey.

Mircea, if you can decrypt it, you should find a secret message, signed
by me, which includes within it the message-id of the e-mail i'm
replying to.

You can either produce the session-key (e.g. with gpg
--show-session-key) or produce the signed message to demonstrate that
you have control of Robert's secret key material:



Given the poor communication patterns and lack of retraction of
unfounded claims, i'm not currently worried that this is a real attack.
I am prepared to take it seriously if Mircea can follow up effectively
on either of the challenges here, though.

Regards,

        --dkg
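Robert's sign-a-256-bit-nonce challenge and dkg's point that only the holder of the secret key can answer it, as an added example that is not code from this thread: a toy textbook-RSA challenge-response in Python over constructed, freshly generated 256-bit primes (real OpenPGP pads the hash and keeps signing and encryption subkeys separate, which is why a broken encryption subkey alone cannot answer a signing challenge).

```python
import base64
import hashlib
import secrets

def is_probable_prime(n, rounds=32):  # Miller-Rabin; toy use only
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def gen_prime(bits):
    while True:  # force the top bit (size) and the low bit (odd)
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand
def keygen(bits=256):
    """Constructed textbook-RSA pair: public (n, e), private (n, d)."""
    e = 65537
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if phi % e:  # e is prime, so this is exactly gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))
def new_challenge():
    """Fresh 256-bit nonce, base64-encoded like the one Robert posted."""
    return base64.b64encode(secrets.token_bytes(32)).decode()
def representative(challenge_b64):
    # SHA-256 of the nonce as an integer; always < n since n has >= 510 bits
    return int.from_bytes(hashlib.sha256(challenge_b64.encode()).digest(), "big")
def sign_challenge(priv, challenge_b64):
    n, d = priv  # only the claimed key holder can perform this step
    return pow(representative(challenge_b64), d, n)
def verify_challenge(pub, challenge_b64, sig):
    """Anyone holding just the public key can check the claim."""
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == representative(challenge_b64)
```

The base64 value Robert posted above can be passed directly as `challenge_b64`; a signature is bound to that exact nonce and to that exact key, so a claimant who has neither fails verification.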
