
An encrypted message to Edward Snowden - koenrh
http://www.wired.com/threatlevel/2013/06/signed-bda0df3c/
======
gasull
Snowden, just remember that Kevin Poulsen and Adrian Lamo helped the US
Government in catching Bradley Manning.

EDIT: Also, a pretty safe way to carry an interview would be VPN + Tor +
Bitmessage.

EDIT2: Users sneak and tlb claim Tor isn't safe because of timing attacks.
Read below.

~~~
klpwired
This is Kevin Poulsen. Just popping in to correct this. Adrian Lamo turned in
Bradley Manning. All I did (being a reporter) is break the news.

[http://www.wired.com/threatlevel/2010/06/leak/](http://www.wired.com/threatlevel/2010/06/leak/)
[http://www.wired.com/threatlevel/2010/06/conscience/](http://www.wired.com/threatlevel/2010/06/conscience/)

~~~
gasull
There's no way to know if you're really Kevin Poulsen. Your account was
created an hour ago. It could be someone trolling. If you want to prove this
is you, you could link your comment from a tweet.

I've read more about your involvement in the Lamo-Manning conversation, and
I've changed my mind. Lamo turned in Manning. But you knew Lamo was planning
to deceive Manning to make him confess more leaks in a second chat:

[http://www.salon.com/2010/06/18/wikileaks_3/](http://www.salon.com/2010/06/18/wikileaks_3/)

I can't edit nor delete my original comment since the edit link has expired.

As an important actor in the Lamo-Manning story, I would like to ask you some
questions.

\- Do you think Adrian Lamo acted ethically?

\- What's your opinion on whistle-blowers and their role in democracy?

Thanks.

~~~
MacsHeadroom
He could sign his comment with KP's GPG key. That would be proof. Somehow I
feel the real KP would have been savvy enough to do that in the first place.

------
cdjk
If Edward Snowden does have a pgp key (I can't find one online), it hasn't
been revealed in this message. It looks like the signing and encryption keys
are the same:

    
    
      gpg: armor: BEGIN PGP MESSAGE
      gpg: armor header: Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
      gpg: armor header: Comment: GPGTools - http://gpgtools.org
      :pubkey enc packet: version 3, algo 1, keyid 5B50940B79DEBE35
              data: [4096 bits]
      gpg: public key is 79DEBE35
      :encrypted data packet:
              length: unknown
              mdc_method: 2
      gpg: encrypted with RSA key, ID 79DEBE35
      gpg: decryption failed: secret key not available
    

Of course, they could have used --hidden-encrypt-to, but I think it's more
likely a publicity stunt.

Oh, and if you do find a key claiming to be for Edward Snowden online, verify
that it's actually him, ideally through the web of trust, and that it isn't
just a key that was created after the news was leaked. I'd be wary of any keys
on keyservers claiming to be him that have been uploaded after he went public
with this.

~~~
unsignedint
If --hidden-encrypt-to is used, there still will be signs of that.
Specifically, the message addressed to 0x0000000 and the recipient will
basically brute force it uses every key he/she has.

Having said, that, according to PGP Dump

    
    
      Old: Public-Key Encrypted Session Key Packet(tag 1)(524 bytes)
            New version(3)
            Key ID - 0x5B50940B79DEBE35
            Pub alg - RSA Encrypt or Sign(pub 1)
            RSA m^e mod n(4096 bits) - ...
                    -> m = sym alg(1 byte) + checksum(2 bytes) + 
      PKCS-1 block type 02
      New: Symmetrically Encrypted and MDC Packet(tag 18)(4096 
      bytes) partial start
            Ver 1
            Encrypted data [sym alg is specified in pub-key 
      encrypted session key]
      
                    (plain text + MDC SHA1(20 bytes))
      New:    (1024 bytes) partial continue
      New:    (18 bytes) partial end

It looks like we can merely see that the message is destined to
0x5B50940B79DEBE35. We won't be able to tell who's signer until it is
decrypted.

~~~
cdjk
Ah, thanks. I learned something new today.

------
trotsky
Every now and then I start thinking that Poulsen is starting to get the hang
of honest journalism and some amount of professionalism, and then something
like this comes along that makes it obvious he's still the same pathological
attention whore whose primary hacking talents amounted to getting caught a
lot.

------
_bpo
The target key was published on 5/20.

    
    
        # gpg --list-packets /tmp/snowden.asc
        :pubkey enc packet: version 3, algo 1, keyid 5B50940B79DEBE35
            data: [4096 bits]
        :encrypted data packet:
            length: unknown
            mdc_method: 2
        gpg: encrypted with 4096-bit RSA key, ID 79DEBE35, created 2013-05-20
          "Verax (Informed Democracy Front)"
    

(79DEBE35 can be found on the subkeys.pgp.net keyserver)

~~~
kgo
Meanwhile, per the Washington Post article, he asked the guardian to setup PGP
in Feb, and his contact finally did so in March, both before this key's listed
creation date.

------
b_emery
From
[http://www.gnupg.org/gph/en/manual/x110.html](http://www.gnupg.org/gph/en/manual/x110.html)

"A public and private key each have a specific role when encrypting and
decrypting documents. A public key may be thought of as an open safe. When a
correspondent encrypts a document using a public key, that document is put in
the safe, the safe shut, and the combination lock spun several times. The
corresponding private key is the combination that can reopen the safe and
retrieve the document. In other words, only the person who holds the private
key can recover a document encrypted using the associated public key."

~~~
auctiontheory
In a world where the US government is scanning all your electronic
communications, and (we'll next discover) searching your OS X- and Windows-
based computers at will, how do you, as a practical matter, keep your private
key "private"?

~~~
trotsky
If you want a realistic chance of not losing control of your private key the
only real answers are hardware based - using a tamper resistant smart card,
hardware security module, tpm or similar systems in which the signing is done
inside the chip that contains your signing keys and no general purpose device
ever sees the key at all.

Most people using software only solutions won't ever have their keys stolen,
but that's because nobody tried to steal them. The compromise of a client os
is inevitable if targeted by a competent actor, given enough time.

Smartcards and HSM's may not be infallible, but their rate of compromise
appears to be negligable at best and an extremely rare capability for an
offensive team to have access to.

Smartcards are surprisingly cheap and easy to work with, and due to their
simplicity and long history are quite secure. The only real attack on them
involves physical access and causes obvious physical damage that'd be
impossible to miss.

~~~
nthj
I would be very interested in a a tutorial or guide for getting something like
this set up on OS X.

~~~
dsl
OS X has smart card support for FileVault 1 but not FileVault 2. It only
includes enough drivers to support US DoD CAC cards, and other NATO countries
that have standardized on our stuff.

~~~
kgo
With regard to PGP, you can get a reader and smartcard from Kernel Concepts.
Assuming you already know how to use GPG, it's pretty easy to set up.

[http://shop.kernelconcepts.de/index.php?cPath=1_26&sort=2a&l...](http://shop.kernelconcepts.de/index.php?cPath=1_26&sort=2a&language=en)

------
EGreg
[http://xkcd.com/1181/](http://xkcd.com/1181/)

"If you want to be extra safe, check that there's a big block of jumbled
characters at the bottom."

:)

------
marshray
If you look closely, about halfway down, in the ciphertext you can almost make
out some non-random parts:

[http://pastebin.com/q7mxqRn7](http://pastebin.com/q7mxqRn7)

~~~
kyberias
This made my day. Thank you! :)

------
jevinskie
What more is there to glean from this bogus message?

    
    
       $ gpg -vvv -d letter-to-snowden.txt
       gpg: using character set `utf-8'
       gpg: WARNING: using insecure memory!
       gpg: please see http://www.gnupg.org/documentation/faqs.html for more information
       gpg: armor: BEGIN PGP MESSAGE
       gpg: armor header: Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
       gpg: armor header: Comment: GPGTools - http://gpgtools.org
       :pubkey enc packet: version 3, algo 1, keyid 5B50940B79DEBE35
               data: [4096 bits]
       gpg: public key is 79DEBE35
       :encrypted data packet:
               length: unknown
               mdc_method: 2
       gpg: encrypted with RSA key, ID 79DEBE35
       gpg: decryption failed: secret key not available

~~~
reeses
There's a 'secret' URL in there that anyone able to decrypt the message will
be compelled to click on, at which time the creator can claim either to have
contacted Snowden, or to have empirical evidence that the NSA can crack
4096-key RSA PGP messages and none of us are safe.

~~~
mvc
Best rick-roll ever!

------
LoganCale
There are a few things about this that seem odd to me. From elsewhere in the
comments, the key is encrypted with 79DEBE35, which, if you look it up on your
keyserver of choice, belongs to "Verax (Informed Democracy Front)", created on
May 20, 2013.

Verax was the name used by Snowden to communicate with Laura Poitras (and
perhaps others as well), but the story didn't break until June 5 and his
identity wasn't revealed until days later.

So why is Wired encrypting a message with a key using that name that was
generated before the name was publicly known in association with Snowden?

EDIT: Disregard the above—the "encrypted with" key is the recipient's key, not
the sender/signer. 79DEBE35 may well be Snowden's key (but that's not proven
either).

------
CptCodeMonkey
Let's see, carry the N, divide by P and "Be sure to drink your Ovaltine"

------
joeyh
Interesting, the encrypting key is "Verax (Informed Democracy Front)" and
claims to have been created on May 20th.

I can't tell what key the message is encrypted for. They may have used
--hidden-recipient

~~~
LoganCale
Verax is the recipient, not the sender. Messages are encrypted using the
recipient's public key. You can confirm this yourself by encrypting a message
to someone else and checking to see what which key it shows under "encrypted
with".

~~~
joeyh
Thanks for that correction. Makes this all even crazier, if Wired is straight
up trying to send him a message this way.

------
tzury
There is more to it than what you see.

The NSA is known[1] to be able to take advantage of weaknesses found (or
planted) in crypto algorithms, however, not in PGP[2] and other strong ones.

1\.
[http://en.wikipedia.org/wiki/Cryptography#NSA_involvement](http://en.wikipedia.org/wiki/Cryptography#NSA_involvement)

2\.
[http://www.philzimmermann.com/EN/faq/faq.html](http://www.philzimmermann.com/EN/faq/faq.html)
(3rd question)

------
aaron695
So at a guess basically they've encrypted a message that is not Snowden's key
that somehow calls back when decrypted (link, exe or something) so they know
if the NSA is listening in.

~~~
antocv
That would be damn interesting if during decryption it could exploit the
decryptor software, PGP, and ping a server or two.

Is that possible? To epxloit a decryptor software while it is decrypting
something.

------
motters
My guess is that this message is Wired asking Snowden for a chat so that they
can get some kind of exclusive story. However, as others have pointed out,
Wired magazine doesn't exactly have a good reputation when it comes to
defending whistle blowers.

------
outworlder
What's with the posted image? Is that just for illustration, or is there
steganography going on too?

I couldn't find anything running a couple of programs on it, but then again I
don't have the contents of the attached message.

~~~
jmyc
It's a picture of the NSA headquarters at Ft. Meade. That may be all there is
to it.

------
AKifer
Is this just another way to locate him as if it's really serious, only his
private key can be used to decrypt it, and his former employer have the public
key they use to exchange crypted messages before. In this case it's really
stupid

------
piratebroadcast
Lets say I wanted to send an encrypted message to Poulsen. (I do NOT, just
figuring out the tech) How would I find his public key? Ask him for it? Is
there, like, a directory?

------
edgesrazor
I was hoping to find something in the EXIF data of the image of NSA HQ on the
page, but I think I'm trying way too hard...

------
peripetylabs
An open message to Snowden: this reporter would hand over his private key in a
second.

------
rlwolfcastle
Honestly, who do they think he is, John McAfee?

------
j2labs
painfully cheesy

------
drivebyacct2
I don't get it, unless Snowden's published his public key somewhere and Wired
has some really, really important information for him?

~~~
dthunt
The reason you would advertise a page like this is to get lots of people to
visit it. It gives Snowden the ability to look like any of the other (tens?)
of thousands of people who visit the URL in the next little while.

~~~
gasull
The Snowden could use Tor to access the website.

Also, there's no other way to get the message to Snowden unless you give it
publicity. If he browses the Internet for news, he will find there's a message
from Wired for him.

~~~
fleitz
If you were hiding from the NSA.... I'd avoid browsing the internet for a
while...

~~~
gasull
If he's using Tor, and not login in in any site, how are they going to know
it's Snowden?

~~~
fleitz
To be fair he's not really hiding...

~~~
dthunt
Tor is only safe to a degree. Probabilistic flow analysis is a real threat.

