10 February, 2011

Interesting questions; Is PGP cracked, did PGP pony up, or did they sneak the keys?

I was made aware of this late this morning, I do not have a WSJ account so I looked at the Google Cache of the article and did a bit of checking and am not certain about this at all. In fact, after looking I am actually asking several questions beyond the title.

Note the relevant text:
Mr. Ball said he noted these files were unusually large, and discovered that they were actually created in a different program, Pretty Good Privacy, which enabled each file to run as a separate, encryption-protected "virtual hard drive." Without the correct password, the files were completely unintelligible.

It's the equivalent of "a safe with a combination," Mr. Ball said in court. He sent the files to British intelligence services, which returned them decrypted, or unlocked. Once able to open the files, Mr. Ball testified, he still wasn't able to read most of the messages contained with them: Mr. Karim had enciphered the text, leaving it scrambled and unreadable.
Now others will say that the following means the found the keys, but that would be wrong. Read the paragraph above once more then this paragraph:
Mr. Karim left police a clue, however. On the external hard drive was a disguised file that looked like it was meant for viewing thumbnail-size photographs—but that actually consisted of text with instructions for using a spreadsheet containing a purpose-built formula to decipher the message, according to Mr. Ball. The spreadsheet also worked in reverse, enciphering messages before sending to another member of the group, Mr. Ball said.
This means the second level of encryption, not PGP, so the four main questions are:
  • Is PGP cracked?
  • Did PGP pony up a backdoor?
  • Did the investigators sneak the keys?
  • Is there a mole that provided the keys?
I really am not sure as other questions arise from this.


No comments: