a thought about PGP...
Whereas the maths is, so far, non-trivial to crack.
Did they steal some hardware? Or was something connected that shouldn't be?
P.
The creator of digital library and whistle-blowing site Cryptome.org, John Young, has revoked a host of his PGP key pairs after learning they were compromised. In a site statement on Tuesday, Young claimed to have learned "that all PGP public keys of John Young and Cryptome have been compromised." He added "the keys have been …
He is a bit weird. A few years ago I emailed him and encrypted to the key on his website at that time. He replied with some rambling story and would I mind resending in plain text. To my mind that is an odd thing to do after you have gone to the bother of generating and displaying your key.
Are you sure it was him that replied?
If someone had intercepted his emails and asked everyone to do this then whoever that was would have lots of plain-text versions of information that he would have thought were secured with his key-pairs.
Seeing some of that information somewhere might actually have led to him believing his keys were compromised?
Who knows, it's all gobble-de-gook to me.
He is a bit weird.
Yes, rather. Young has an idiosyncratic and often somewhat opaque style of writing (which often manages to be simultaneously verbose and terse, no mean feat), and he's a curmudgeon's curmudgeon.1 But he's been doing real, consistent, substantial work against various police states (most of all the US) for a couple of decades, without the attention-grabbing antics (and possible moral failings) of Assange the the like.
I've had an argument or two with him myself online. But I really think he's on the side of the angels, whatever his quirks and faults. More power to him.
1Apropos of this, I have long suspected ... no, never mind.