[Cryptography] How to prove Wikileaks' emails aren't altered
Bill Frantz
frantz at pwpconsult.com
Sun Oct 30 14:38:03 EDT 2016
On 10/27/16 at 1:48 PM, jon at callas.org (Jon Callas) wrote:
>Sure, but the fact that these keys have been sitting on edge
>MTAs for ages means that they could have been hacked otherwise.
>The DKIM keys are low value keys, remember.
>
>On top of that -- why would you doubt the plaintext as is? We
>all know that it's likely to be true. We all know that there's
>a chance that some of it isn't, and we know that they juiciest
>parts are the ones most likely to be a targeted forgery, which
>could have been done by trading to some other gang who have
>hacked some Google MTA.
While it is possible that forgeries might be produced by a gang,
I think the motivation for a nation=state attacker is a lot
better. The whole purpose of releasing these emails is to affect
the US election and its perception around the world. That is
most likely nation-state business. Nation-state attackers are
likely to have better attack tools too. I could see a
nation-state cooperating with a gang to perform the attack as well.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"Web security is like medicine - trying to
do good for
408-356-8506 |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
More information about the cryptography
mailing list