Maybe he should contact the FBI: SECTION III - CYBER INTELLIGENCE
FBI MAGIC LANTERN -- According to media reporting, the FBI recently was forced to reveal another part of its Cyber-Knight project, an effort by the Bureau to monitor Internet communications. The new FBI program, called Magic Lantern, is described as key logger software designed to steal the pass phrase used to start the popular encryption program PGP, or Pretty Good Privacy. A key logger program is designed to capture keystrokes - what a user keys in - and then store the data in a separate location for later retrieval by a hacker. The FBI plans to use Magic Lantern to capture PGP information to crack encrypted e-mail and intercept Internet data. Magic Lantern is reported to have flaws. It is allegedly sent in a fashion similar to several virus programs, either as an attachment via e-mail or downloaded from an infected Web site. However, the Magic Lantern program may also be mistaken for a virus program, or as a "system upgrade." The sudden discovery of Magic Lantern caused a flurry of activity from computer software producers. Anti-virus software maker McAfee Associates denied a recent report that it was working with the FBI to ensure its software would not stop the Magic Lantern program. Magic Lantern is also not perfect. Magic Lantern is not designed to stop other popular computer encryption programs such as Softwar Pcypher and Mystx public key encryption systems. These encryption software utilities do not use pass-phrase technology and are immune to Magic Lantern-type attacks. E-mail and data scrambling is done with the mouse using data keys that can be stored on offline diskettes, zip drives or CD disks. Last year the FBI was forced by privacy advocates to reveal that it had a software program called Carnivore designed to monitor Internet e-mail. The Carnivore system (now re-named) is reportedly installed on Internet Service Provider computers, allowing the agency to siphon off data from suspected customers. - Marc On 28 Dec 2001, Kevin D. Clark wrote: > > Benjamin Scott <[EMAIL PROTECTED]> writes: > > > You are pretty much out of luck, then. The whole point behind things like > > PGP is that they aim to provide unbreakable encryption. If you lose your > > passphrase, you effectively become an attacker. If they made it easy for > > you, they would make it easy for the attacker. Your only option would be to > > brute force the key -- you might crack it in a few billion years. > > This is all pretty much false. > > Paul has lost the passphrase that protects his cryptographic keys. > He's *does* have the cryptographic keys though. > > Paul needs some way of recovering the passphrase. If this is Really > Important, Paul can recover his passphrase, if he wants to devote > sufficient resources and/or resources to this task. However, let me > categorize this further: it probably won't take thousands of years of > computing time to recover the passphrase. > > > Suggestion: > > http://www.accessdata.com/Product00_Download.htm?ProductNum=00 > > > --kevin > -- > "There was no way in hell Bill Gosper was going to work under a man > who did not know why the logarithm of the sum was not the sum of the > logarithms." > -- Steven Levy, _Hackers_ > > > ***************************************************************** > To unsubscribe from this list, send mail to [EMAIL PROTECTED] > with the text 'unsubscribe gnhlug' in the message body. > ***************************************************************** > ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
