[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Thor's Private Key

You must not have read closely then :)

The GPG key structure is a collection of all keys in a single database.  If you 
want to use different keys, you have to move entire keyrings around.  
Exportation of keys is in ascii, but you can't programmatically access any 
elements of the keys or the encrypted data itself with an open format.  By 
default, the encrypted data is all binary, and if you ascii armor the actual 
data, you've got multiple steps to decrypt it and can't identify key 
information from it. 

GPG must be "installed" on target systems, and you have to be an administrator 
to do so.  TGP runs as a single executable.  TGP has full access to the X.509 
Windows Certificate Store and can validate PKI infrastructures based on these 
certificates.  GPG can't even access the cert store.  GPG has no provisions for 
key management at all.  TGP interfaces with my "Rainmaker" API to provide 
off-site key management and verification based on permissions and certificate 
trusts.   As such, the client never has to have the keys in their possession, 
and the keys never touch the file system.  You can't do that with GPG.   TGP 
encrypted data is "cloud ready" for SOAP/XML -based API structures.  You can't 
do that with GPG.

TGP also is the only multi-platform encryption tool where you can encrypt the 
data on the PC, store it in the cloud, and then decrypt it on Win7Phone with 
even TGPMobile taking advantage of the Rainmaker API key management system.  So 
for mobile applications you also never have the key on the device.  

TGP is trivially easy to use.  Average computer people can use it (and do).  
I've seen PGP/GPG deployments fail miserable because people couldn't figure out 
how to use GPG.  

Most importantly, I can make it do whatever I want it to do without having to 
parse through mounts of pieced together code authored by who knows who.  

Those are some of the differences - not that it matters, of course.  I've made 
no claims regarding any differences to GPG good or bad.  I comment about PGP on 
my site, but that's it.   So feel free to LOL all day, but I really don't see 
what your point is.
t

-----Original Message-----
From: Jason Hellenthal [mailto:jhellenthal@xxxxxxxxxx] 
Sent: Sunday, April 08, 2012 5:41 PM
To: Thor (Hammer of God)
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Thor's Private Key


LoL WuT!

Whats the difference between just encrypting your data with GnuPG... and yes I 
read your about TGP page lol.

On Sun, Apr 08, 2012 at 10:54:34PM +0000, Thor (Hammer of God) wrote:
> Please ignore (again).  I need this key here to parse some FD archives.
> 
> 
> <?xml version="1.0"?>
> <!--TGP - Thor's Godly Privacy: KeyFob XML Document--> <KeyFobs>
>   
> <KeyFobName>TGP<FobName>PrivateTest</FobName><PublicKey></PublicKey><E
> ncPrivateKey>193PM88EjC/C7DtVH/UWzI9ALhLyxr/vbeV95vGvVPlw5KKH3szdnzCMs
> 7cFWC7Hq2vqxIVwIDMrp9fG43mPnS1+Ya/96TmBk88gCcwdkkKlc4UDHDj73mEhvIra0P0
> /L2VZDxX9rFbv2rEKMTKLXnW6dMSdJbfCN1AOI+jCsv+9pm7bcbSCRMaOJZoXUHjZiW1gp
> unUqi0zgbXYo10WGZJhfYa1uL9x4NuUjZ9P6m9haum8T1YQiV7+EZwbRl+9wD4bZ97pbP0
> d7fikCJFw/0VaN2EJpgpzlxDEmTWpaAomKk/3gd4TAo+iM53XX3uwwL0g8yXWqgllZRLZS
> 9u5jS6ZPzNwhy8n4+FER7as4IpDZwOjg9vKNyBPYNN2xPOh6gOBKUZERRkuyp0zTyOZPTH
> 0D3/xlCqXlfhyqzntmxSpiCH2dzuhJR8Rj+LJcTTgzNsVNo2zSq9BfdTLZNsV5g2l/2PTe
> cA9DbDWrDQHBmMbSIbxqBLtxD+kVUm1XPf1C/5bhfbuZroCXGGgE6NykBpH5rThfRDV/7R
> cMqtd1d/2kIy0y5R0p9lsGKy3UHejuPP2x9KRWjb7en7GFnC9u3BE/92qOxJO1x98pdYn3
> HS6QkmJKM1cvHhoxrowT8T87YEjK6o3J6s36xKW6kzTVS6AQMS8CfAb2lodheqvccREFUo
> PB/3n7BXbGT1gk9udApaaCcu8nNCsjDVfVMfYMuDk2SsJzkZvhOylsJNYmLrd9TuGOh7XT
> Dqi5GjT9Bg2rPFImxuuB5Y1kSag9Po2FKAfHIfxmDzPQQDo7wyclN5yrGmVCJOZfRZuFOQ
> cRh1t9p+F2eoe/zJJcN3BuMaCNyoEHx4ePDEtrCmYvvrSwCn7MBZM2qI/fZnuQp6SsbwyC
> znDub2wtx+Yjz4hoYnmDd3B2uY11WZ8Fd3NOHV9vcNhEfr2gjCyJoaSK2chiz1BJGWlI85
> Gy1h9onf8wLxwNh6+S5HJ4PrDG8uF/SsDHIiODyWfwLtX/fVfdumNw1bINQMdSfJDw7ViH
> lmWuOlDaJHQY2soeI/mSB8Wem7551iS//jN4iCM8yJ0RDKay8d4HHRdGFyy4zGMVByzTOy
> AqH3k90eQjB+8DW8Jzo/Yi8mxYD1Z54aZycamhN2R9x3u08tf/AUdw0+nymbaksnQireZH
> 6YIGNd2WutE2R/2/fGmDR0YebA4dP7KJ0NzKnLzFYnCY/WR9oxdKRHCa8pY1xvs+V722+q
> LHmI97bKkxWEnY+FkuxhlZiMDMIEpFTifoXlQlqVUQoqFgV2HZO7KeUZMtm2yzUvcKUeOj
> 2gHs0Qw9z0QxcMqe0Pp1k8ZqoSBqO7T4j3LHDkwwvfe8kp6ve9QhksYLnqI/5Gegu7/lz1
> srwFo8+kbAMns/O55h5ISQOV5T7ElSgDEhQqDRFA3fdytgjZDFsB0JVkvb89dtJUU89qC9
> fX08hg1YZzAdoyDsefRu5dAwOfOeXKVmVkbIUcEASm5/8k1gvdDEDy6gBl0u1xLOGYK0i3
> liyLlOgWbPA3iEmYsGZyorRKn5q2sT/BVNQQTL9wdZiw3d8Zu0SiHpZyW98SfrOL3bHC0a
> xIK+VFd3sQXm98l6IV/hGoevr4zRFrWktiCnh5QG5viy4NcoqCcgkU514v4RUMjQMytEKQ
> hGgTOoJdAdutlD8B0nQ5pYExcecamlMhWwjujjw988b/GlQ9cnchGzLoSVxdgo2Xuvetxs
> FPnTzpl5kv4rLtnepAzfJbs4WQziLSUijK+BtnZVujpihFDkz2ZFMIcOiVaKLtl1kU2uBC
> ziw2WrBsq37CyzZZRhr9vNd4PWO6QBopPq4pPTM3llQ0nUrnGNDfmc05kSRxM4eiprKxGo
> BYdMJfOfcFPj49qbUb8TYtYz3Fgoc46cfwmVKGOQkJdSJzD8vVKj8BdguLGLf4s0IQrxnc
> LWGjOAic4nz7x
> </KeyFobs>
> 
> 
> [Description: Description: Description: Description: Description: 
> Description: Description: Description: TimSig]
> 
> Timothy "Thor"  Mullen
> www.hammerofgod.com
> 
> Security isn't about thinking outside the box.
> It's about not thinking yourself into it.
> 
> Thor's Microsoft Security 
> Bible<http://www.amazon.com/Thors-Microsoft-Security-Bible-Collection/
> dp/1597495727>
> [Description: Description: Description: TMSB-Prod-small]
> 




> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


--
;s =;

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/