[Cryptography] How to prove Wikileaks' emails aren't altered
Jon Callas
jon at callas.org
Thu Oct 27 16:48:31 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> On Oct 24, 2016, at 8:03 PM, John Levine <johnl at iecc.com> wrote:
>
> PS:
>
>> This means that in a case where someone has hacked a system, if they have the email stores, they probably also have the DKIM signing key. If they have
>> the DKIM signing key they can create whatever messages they want and sign them, with backdating and anything else they want.
>
> In this case it's well documented that bad guys phished John Podesta
> and took over his account to download all of his mail. There is no
> evidence of a compromise at gmail itself.
Sure, but the fact that these keys have been sitting on edge MTAs for ages means that they could have been hacked otherwise. The DKIM keys are low value keys, remember.
On top of that -- why would you doubt the plaintext as is? We all know that it's likely to be true. We all know that there's a chance that some of it isn't, and we know that they juiciest parts are the ones most likely to be a targeted forgery, which could have been done by trading to some other gang who have hacked some Google MTA.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.0 (Build 9060)
Charset: us-ascii
wsBVAwUBWBJoIfaTaG6hZJn9AQj8ZQf9FfsgWWN8rJ4CKVyqOZ2fuhu15amVsMjS
Ie5zfh/ccrR3DpHuEa3vbVKMMN76Yu/TpXzKj7kj+axuX5Og1fqzDugL0aFLisT1
gxMuUaJQZp4FySTFmvSv2QMIV82JK6c/Lwl2On59CCzery6xRBvtlonmlDw4Rrix
PffM04PKZARvtkzWGIqwAIjBL2SSVektvhpS+EnZsyUMmhm5omQjkMGGglXqKLMd
f1WpH5Nrw76m0X2s0cHXW+kWxZaoPAFSt7DgCGiDHqGy+kthHIOYhKbthPuuLhF1
E7vszNts11bDNXWBaO3MftHVRo7AJWdNM+yeVYHCdkg9rwj1Ly58sw==
=izU2
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list