This blog has moved to Medium

Subscribe via email


Posts tagged ‘Cryptography’

Hello PGP World

Update – This experiment didn’t work so well, due to formatting errors. The message below won’t actually verify as signed by me. If you want to verify it, view it in its original form on this github gist.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI World, I now have an official public key.

It is availble here: http://pgp.mit.edu:11371/pks/lookup?search=ron+gross&op=index
Specifically, it is this one: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6016B419893E4632

I've been meaning to generate a public key for some time, and finally I had an actualy need for this.
(A company I'm doing business with asked me to verify my identity and communications via PGP)

If you want to do the same:
1. Download gpg from http://www.gnupg.org/
2. Install (it took quite some time ... I thought it's stuck, but it finished at last).
3. Install some frontend for it. GPG is a command line utility only. I'm trying out Cryptophane - http://code.google.com/p/cryptophane/
The full list of frontends is here: http://www.gnupg.org/related_software/frontends.html
4. Create a private key for yourself (make sure to use a strong passphrase) & back it up.
5. Upload the public key to mit servers: Keys-->Send To Server
6. That's it - you can sign messages from now on.
7. You can also use it for encryption ... read a tutorial if you're interested.


Here is the public key itself, as retrieved from http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6016B419893E4632



Public Key Server -- Get ``0x6016b419893e4632 ''

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.0

mQGiBFAZogoRBADhk+2Gcmpy9LrPXZCYiUeszvag7udW8LPrNPGy4wxGMNgHD1yp6t1X5QBZ
P0ZHF3kC8CnucFXkGxme85gH98Yj4lBVfW93ZowHeFkz0jGdQGEUMJt0Y1q2H0Swj+D4wbu7
/7wq0/G6E+35SJTEYPlZlDwitzPOVZExM3CI4LkfAwCgwJ8c7l/gcWE0J8V/XzYd7oDUQU0D
/RY9YwRp/r4ZKi6PSbyKn8cF4lSzZ6dV+wyys9oBXfAz+g3QJVrXei0sHxW0ZyaN4veRP84J
BQty+SBBYD7wb1J6JZH/soAE6AjnSu3xE3ak2TXTpPFFmwnzniUP5PgcBpqaFbORdMC5289F
ZLXkHY7/cvWOUH53i3ulShIXBUBwA/9Ed85ZpnwphKnCQBPbF216coubc6xqsYZqR81YiAch
S3xp4AW/Jp8WL3syFpnSIzn2z8lVXs//C2seQFZQNewW3vHl4p3yfC0Lc7US8mRVrE8/XGEe
mzUCMTWgeW/OM+w7Y+L/4SRtBhhGcI/gG/4KdsnmMVodP2QpbzJfbwDuLbQfUm9uIEdyb3Nz
IDxyb24uZ3Jvc3NAZ21haWwuY29tPohdBBMRAgAdBQJQGaIKBgsJCAcDAgQVAggDBBYCAwEC
HgECF4AACgkQYBa0GYk+RjKwewCcDV+XHJsq5eLzLYKIZhyvU6Zgyj8An1D/FPBQ70WAyMVu
ZPgjAHkYYrDXuQINBFAZog4QCACrWGUPJh9ueqQ+JlPKnRLHKbdzJ9Zl30+jc6XXNExKsQdJ
pMLUay34PhK2D7NRdb4Sz/eCzlo7aosXJBeAPK8T2BGLT0b0Uo+b0A9j/Qb82DYFMgahzysM
MfOZj8RmIsX5u8B1o+36Q+wa2DaTBx0cKdkL7DAXaYJwr6QGoBGnVyx3srJ/G91/D8fOGWXj
o5U0HX9d8FXgiLr71NlCgudBV6mqaSPdJfr6QIf7AFNpbORpK0LpA4RK4Z72dxYGHKhGeBp9
aK3pokE1eOCY3F2COLMCIrQtHaCQ2euTPD6uSnWXZQKJivJuOVyJMt9kAi03RDTz8X1sIZd+
KT1+t2MTAAMFB/0RapZBNPtqMuZafVbXKJKr26HjLWigdw4Qo+Rwz8oGp3I8+IZO8o/NT7c9
JqCp6EHjumK7a308J4hOCadvVv2LMecUAMUepIjC5FtZS7NwCCfJUkp4dC9ufSpfgHdCgn3W
WejKitrFu3dOyPkIVjE4AwUxhtZLh4JfaK/D72AXyAR3Bd+cDi40aoG0B+vsYTx02PhpN8h+
MlHnoEc2rFbm5jNFXa1pfu9LwvYBAq1jB/dZoyymEAE8HVsOMMXn3iMNb3Hb0ElVYm0nxXxv
WHhq77QhW52rK0pT9ArSrcZJiVdcoQES066SAfxKAR+aB4T7F6qUK9EA6IZ7+OuDTUm7iEYE
GBECAAYFAlAZog4ACgkQYBa0GYk+RjK89ACgpID/G8H9WFm+v4kwn/LI08D0ULgAnRJqFnJ9
0xlDKHu06gL/bX6Sx3IS
=yZoW
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFQGaujYBa0GYk+RjIRAgciAJ9hqWvfaGcleo0Hb9MUCFkRo9f11wCfX+jW
A3zECBDorlkrOQfjDajI7fI=
=iXSN
-----END PGP SIGNATURE-----

Using Google to reverse MD5 and how I almost revealed my password to the world

In this article Steven explains how he used Google to find the password for a given MD5 hash for a user that hacked into his site.

In one of the comments a reader points to this website that offers a direct database of md5 hashes. You enter a string and get its MD5, you enter an MD5 and (if it’s known) you get the original string.

The database only works on known (text, MD5) pairs. If I ask for the text of an MD5 the db hasn’t seen before, it won’t give an answer.

I use a single password to all my internet activities, because I’m lazy. So I almost went ahead and entered that password into the md5 database in order to check if the md5 is known. Then I realized how stupid this would be – it would actually add the information to the db, and actually reveal to the world my password.

Instead I privately checked what my MD5 is (using this C# code), then entered the MD5 into the DB to check if it knows the original password.

The result? No it doesn’t 🙂

Very Cool Cryptography