
? Can you explain? My understanding is that the signatures are still on the dumped emails and that one purpose of digital signatures is non-repudiation - essentially immunity to tampering.



The most obvious method of attack is to steal the email server's private key. Something a state-level attacker is probably capable of.

There were a few other methods of attack proposed when this first came out. The most likely was the vulnerability of 1024-bit RSA that was used here. There are concerns that 1024-bit RSA may be vulnerable to well-financed attackers.


Has anybody alleged that the private key was stolen or cracked? Can you cite anything at all or is this just conspiracy theory?


It's not a conspiracy theory because I'm not alleging it happened, but it is likely something that the Russian government is capable of.

Given that very real possibility, the digital signatures aren't ironclad proof, which is what the poster above was saying.



