From: Adam Back <aba@dcs.ex.ac.uk>
Date: Thu, 15 Oct 1998 00:23:01 +0800
To: cypherpunks@cyberpass.net
Subject: more Toto keys... so what's it all mean
Message-ID: <199810141529.QAA32138@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain




Someone asked me in email what the meaning of the last 3 posts I made,
the plethora of public and private keys, discrete log attacked,
deadbeefed, forged, factored, decrypted etc. getting confusing.

The 3 messages I wrote this morning go together, -- they are all on
the same post by anonymous/Toto, just me realising more things about
it.  Here's what happened (play along if you like):

a) I tried fetching the key the message was encrypted to (try to
decrypt it -- it will tell you what keyid you need) from a keyserver

b) I noticed that the public key I fetched is the 384 bit blacknet key
which Paul Leyland broke (clue was the key on the keyservers is
revoked, and only 384 bits, which made me remember Leyland's
factoring attack),

c) used altavista to find Leyland's announce to sci.crypt a few years
back which included the private key he obtained by factoring the 384
bit blacknet public key

d) decrypted the message with the blacknet private key, 

e) inside the message was a public and private key, at this point
whoopee yet another Toto key (post 1), 

f) wondered if this key was the one which signed the messages the IRS
has incarcerated CJ over, checked the signature, yes! (post 2),

g) tried to sign a message with the key -- oops it has a password
because the private key is encrypted, 

h) tried the passwords that John Young forwarded to the list a few
weeks back from some anonymous source, yup one of them decrypts the
private key, and we are able to make signatures! (post 3).


As to what it means -- it means that one or more others could have
been the author of the message the IRS claim Carl Johnson wrote.  Heck
anyone could sign posts with that key now.

The allegations that CJ was sharing the "carljohn" account at
sympatico with hackers may also be interesting especially if anyone is
still able to verify that the account details are correct (who knows
-- maybe the account is still active! -- anyone want to try?), because
it throws even further into doubt (aside from the doubt arising from
the numerous forgeries surrounding Toto) the IRS presumption that all
things apparently sent from sympatico were written by CJ ...

Perhaps Jeff and fellow IRS agents could ask sympatico if they are
able to verify the validity of the account details.

Adam
-- 
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`