Re: Hack PGP

From: Andreas Putzo (andreas_at_inferno.nadir.org)
Date: 01/17/05

  • Next message: James Eaton-Lee: "Re: Hack PGP"
    To: security-basics@securityfocus.com
    Date: Mon, 17 Jan 2005 20:33:57 +0100
    
    

    Hello,

    On Saturday 15 January 2005 07:06, Daniel Persson wrote:
    > I have a delema that is quite strange but then again feasable. I did a
    > backup on my system and wiped my harddrive and then installed
    > everything from scratch.
    > My problem was that the PGP keys where locked down on my harddrive and
    > couldn't be copied by the backup system.

    Bad. Very bad. Keep at least one copy of your secret key on a save medium,
    eg. an usb-stick or a disk in your bank deposit box.
    Facing your problem, i would 1st try, to recover the key from your
    harddisk. By 'wipe' you mean a simple delete? If so, you _may have a
    change without paying a lot of money for a forensic professional.
    You may take a look at sleuthkit[1] or 'The Coroners Toolkit' to look at
    your HD for deleted files.
    If the name information for your secret_key is gone, you can possibly
    identify it on its size.
    Of course, you have to stop writing to this harddisk immediately! Take an
    image with 'dd' to another harddisk and work with this image further on.

    Good luck!

    Andreas

    [1] http://www.sleuthkit.org


  • Next message: James Eaton-Lee: "Re: Hack PGP"