New PGP Key

Dec 04, 2014 by Javantea

This is a quick message to those who communicate with me over PGP or who verify my signatures, I am now using a new key and I am retiring (but not yet revoking) the old 1954fed2 key. Many things I have written are still signed with the old key and many software packages I wrote are signed by that key so it will remain secret hopefully for a year or two. The reason I'm changing keys is because the 1954fed2 key is 1024-bit El-Gamal and is 9 years old. How many keys are 9 years old? The longevity of my key probably has to do with my trust in El-Gamal and my distrust of RSA. Over the past few months I have factored a handful of weak RSA keys and I have done a little bit of cryptanalysis. There are many weaknesses in cryptographic keys and many weaknesses in the computer systems that protect them. We hope that we will avoid these and that our random number generators are strong enough to keep the NSA from reading our personal and business conversations that we choose to encrypt with PGP. We also hope that the NSA isn't able to sign malicious software with our keys or the keys of people we rely upon to provide us with software. But in all, we can only do so much and if RSA is broken or SHA-2 is broken, then we just have to deal with the consequences. Until we know better, we have to use the best judgement we have.

So now for the key. It's been signed by 1954fed2. The key id is CBA783EF. As always, only trust fingerprints or keys signed by keys you have checked the fingerprints for. 

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQINBFR5XEwBEADZugzJdRuD2WROStTqK88UhMjEs+Y2CMrztHavacyJj7b299FB
X3cj1pxU5IUV1NdMG4onKKl/VQja9GvIppZmfYI0z/eL6FnXOVq4CW4PlyKgotr+
44XF7/BndyO7C5KpVEsnBFSlXExtFCranG7UTDqXGXXCnu6ZVUAJ79B2vN7soh8C
KBpckYmrv7PSsMWeBC2wLcFJhESduL8gJhePleX3DEBhLLBjg1o8864y9Wpi/xeT
F0oG5hTKlC0i9/hEkHqRbD5EzY+GJj3M9w/QXUAgaCg81NBXYpMTOlNEaMHY3i1g
i9UdXyFsCMKMO7adYHBSnJqlr95lOOSov8qgNP5KvCv9KZodanaviN22MG8X/czb
kLn8lZD8/Sc97yH9EbDENWUas/xd/DJapDDd1k+v9RzFTkKm+QXQIhdTIxwZBEM8
QZCMdIMlq/U8GNLzQE7k6MBcSzAzAepTeOuIFJYCy2tqiHOqUA1u7qwyDVUD/0tl
GTRWTby1viNIBgdDn2rvwu7kmuzdjkH9S1f22filIr8M1rI3MAOBVXHgeHjuH5hn
ZOKlvtpreM3hFCCdJantGi1m8MLUkCzfTjD4llWAVHZaJXqvxG+7S//5De3GmfDV
5SOWtv2r2CyZOEUvyEMq3u/dptGol+z9UNAw66ZtIxahluoKfNz2+nA5+QARAQAB
tBxKYXZhbnRlYSA8amF2YW50ZWFAbmVnOS5vcmc+iQI/BBMBAgApBQJUeV5nAhsD
BQkDwmcABwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQPGjI28ung+8cYxAA
wnMx2TE1VksIdJseqvzWLatBo83Z1tmE/c+FKqLuSS7GobT+dw+jBupmS9n59jZi
mHt1AZHzLmdANKL1iocM9dsvGhrhfl0irJB8fNCMnyIOwZXVjcR3dn4PJRtTVgwt
juUDMu44+tK6yRe5InaDCvlIpljN2TClQXPHq19RZDLQwHSoR3xG7Meup8zQGj5T
kbW6TSVqeFPA0bX3oexEuOvftx2ervn9Yk0C9wLMA117eYo3El+gyyAS7LgdwljM
xALUWji1jMJLfw9d5SHd+bngbVYJNuw7y3ln6L20Kh0dQmmyMq40l4WbTQxz5wIZ
ucIPFZdhMKrxfFAmNinlC9HOMRhLNS8PsgOShtK+n+c4+oW3nBb3/qdSgbeSjttQ
jtt0r/G/NqjWMz9JQ40IZg9V0guYVYCy3HSxbVvmEPm1SCmWM1A89q6dImRbprH8
YesQwivKCR4CXQ9/7AmzGcpVrLDpS1XNufMjPCVF+6jOkldoOiWW7EBZ8bn0tCmj
7b4BjfBuKHa7FEnFK2X5ut+HUoKJR8CF3jxJTDmPeRKWdK2DQHs2ae2dV5SuYYBR
IJbR2ubd0vxbGlrWmpl7anNYSBBOpphop1CC032RFc2aMQ5AWmFMyWFWchcbHtL+
Dnc1xinEd7d0OpWz49Svrk5RNUJfEYVDbeyd7ivfMeyIRgQQEQIABgUCVHzh6QAK
CRCmZGsAGVT+0mSWAJ9P5onnzL/LaNCRSHGQ6uwhEJCVNgCfRw1kkTyix9+mE1O1
FtD4o9DlKHm0G0phdmFudGVhIDxqdm9zc0BhbHRzY2kuY29tPokCPwQTAQIAKQUC
VHlcTAIbAwUJA8JnAAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEDxoyNvL
p4PvrmUP/Rjbaxt5zu9dU23g8SQLBUXxsdgZXbu3pZvzu+lwd4fvky4mjPHdjxnl
+FPHPDztP1lj0ctU6wRrYlSs5RgDVdiD29jDrVoR7pofu/LkJmdh8NtrWCXLDk0n
nP04YuEmzNt17szjfV3UPdohDuTCP6OrPSpK9YAV2n9xgBdMwBhEKVX7YKvIPuru
7hi+Zd76QFLS5S+PKAnuiAolj0+nsVKz3epZnPKLnaXgTH0crFqrSdQxD6CUVplL
EPn7C7IL0R8Ou6g7qUJd3itfk1JhWoo1zlD7Woc1O3QsIG4SwEsHH4K+XcFdl8sS
lA79Qm5ACM7A2rJg24M4ckPB8gjscMXw5fEiHu6jeCHeu5ldjSSsNwzvPmDnC/XB
LZoWBP5h3hw1YL5v34KTiE4iVieFd78b9BxHgN1nWuhE8iQIF1lHUVRL3+Sqai3q
toIKnAs6x4rSYLEMgxhJ48vd/Xi+Zmu52sdKM/5ql9zxQG7Cd+uubBhJafKxetW4
5jr+L6OplB5inH0MZgw76QDDODMrE0JJsDlT6Tq4/NXT7q5LwJeqZ25AQ7HY4HHB
BL6VfbLGNSBrrtkQeJEKSXd1FeILmcA6vH9cGzfm2lUAdnepxT3B6uEAwohUPq2x
S+M153PDmqKsyylySWpgvn+4tK5HeQw6XbYXY3KX9SNYogWCLMIFiEYEEBECAAYF
AlR84e4ACgkQpmRrABlU/tKAjACfX95rbycC39Kj97n1JCzPDONl050AoJ8HYnjl
2dZEeciqxDvW6o7ZkWc5uQINBFR5XEwBEADK5RhG0GGchvuW5CJVpLMgT9FpOcb8
QOgjS3ztkg7JzkCbZIljOAL0OeGbvLhgg1kqsU9vJPO3zdO29/uJvDNuCKNSwzA4
CY1ZPmFHVBRwhjKB6JzzFN3NgXPZu1f/EiC7/VACyhiRl9Rebsvc2LMUlCtV2PBg
O9qXlI5i0tVLnT+a99urJyggsg2JK9T02G3ex+HlrF/91FCHYOhsGqeXWrMrRChM
tSUos8o6yEW4sO6fJMqqw5/zHTG0v5VpM3MKQf4byphNCB89GxnsMOyDJzI8mQm7
Iwdmtdmv7vKjNdvB5NqHnMstfTwi0G5lbC+JsNLd2IrOCLTNgOPS3bjFsuLDizEV
G6wWihUdKSbcrTs8IiULB9bICLYw5NRlVIwgTD6zUdAcqZhdEkbXqial01P6xzTC
K6k+bvnaVQUnuv903KHvXmJ4ikOtnIzPE2htn4Z1wmzVaMk94CWKtImwpah9l92v
piM75mMD/aBF465+nw87zxqolSFuYsL7gLLakW+Oa/CNPEGGNP3unjojPtzLwXL/
1lLgF1crAjNk0VIT19NN9s7NKfCMjeVIpKmFzQC4pk0ozQdYYumnCE9lse9e0s8A
TMJeIdn/s0E3y1XhbXDMM/R9RKWMRpnwqmPrWwoqqPFp5zbhL16lCW3I626HvpyT
n4OE8Z6P5HHi4QARAQABiQIlBBgBAgAPBQJUeVxMAhsMBQkDwmcAAAoJEDxoyNvL
p4PvUt4QALxZHsYgTsO19AGNMyH2RsZPHjapv6qoudkN8sHMwfliw2QSLuW5txcB
aUkjwTW3U7oCA3VZvAAQNZl5qGBjI0eRCHTTy6HVEfthdFbnkfg/se/gPWsb5KBd
uvGIVwI8OnGCP71vsNItca493/uGwEUsJHRvooEtznzX6k5gw/+Tq/5y9WKuCgXg
MwlklOTSIYI1JrbGmI+OlBYijs2TLTaHc1VjGrwk4dBhtU+gUp5C1AcjrSUnqo9I
zSaDazv4wbppYP61i/2HyqD0z2mdvddI42okOi6nff6f6rhsID6xODlKLSP/tnws
dPHBYkAX31XxBNaiS1GOeaaBW/gO8Kuv5Wb+jTtAXpUVzY7yxWgC86VPstkOn487
Go8pFi4H/qYBZ7krgHZlsS+HjNHGX4bhyZOksKUKhvtqtVKYve1LRI49Q0ibCvt6
EsW5+zSilk2JIL7CSnU6E3IMkB5cpGo8EXbr9HsY6aDioWhjSfyTrKKeMPprhWbi
mZBlGpSZpp0om72DOCsY8twdHguSDZZTsY4EUUpy19hgEPwYPlSHW95dzKFMsEid
gKbNqhttXi/3j7cx2ecyYDdZeS6oraPaSMsT+PhGId0DiTHawlNlyjGm9D+awq3U
G0tgUdIld+3srJDHuSYv0sw0MZezxef8+zXPJIO0EoOOps0q6qA8
=ua9y
- -----END PGP PUBLIC KEY BLOCK-----

For those who are interested in the OpenPGP format. Here is a parsing of the above public key:

Read more »

The First Vulnerability found

Sep 15, 2013 by Javantea


Sept 15, 2013

The first vulnerability has been found in AltSci Crypto Mailing List. It took andrewx 13.5 hours from the posting of this blog to find a Django Security Bulletin posted today which is a denial of service via long passwords. After learning of this, I promptly upgraded Django on my server.

Javantea Out.

Read more »

Crack Me

Sep 14, 2013 by Javantea


Sept 14, 2013

The first post to AltSci Crypto Mailing List has been posted. Let's get to hacking. AltSci Crypto Mailing List First Post

For more information, check out the previous post about the AltSci Crypto Mailing List.

Read more »

« previous