-
seedydoor commented on the blog post Lamo’s Two (?!) Laptops
This part seems a little odd:
LAMO: Correct. First, second, and third at the very least. I get a lot of random email and the hassle of decrypting it even if I had the key would be enough to push it back about a week or so in my “to read” stack.
GREENWALD: Right. So when you got this email that you were incapable of deciphering did you respond to him in some way, or what did you do?
LAMO: I ignored it for the first couple of hours and then I received a few subsequent emails and then I finally replied, “Hey I can’t read your emails encrypted to a PGP key I no longer have access to. Why don’t we chat via AOL IM instead?”
So messing around with encrypted emails is time-consuming for Lamo and he might not get around to it for a week or so under ordinary circumstances. Yet here he decides to take a look within a couple of hours and he looks closely enough to notice that the PGP key is outdated. PGP-signed emails contain keys that look like this:
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: PGPfreeware 6.5.8 for non-commercial use
mQGiBDp1yy0RBADVlyDewVwltBs7HnHCG3bXlVUODFkn/00TdbM2SPnOAIkj4giB
(a bunch more lines)
iXkP9CuqGR0LBJ46VNAAnj+5dH9N226fBp5TN0rAyxwBveTK
=0VvA
—–END PGP PUBLIC KEY BLOCK—–That’s not exactly something an ordinary person would distinguish at first glance as being “my old block of PGP gibberish” rather than “my new block of PGP gibberish”. You’d probably need to pull up a copy of each key and check to see which is which. It seems notable that Lamo took such a quick interest in these particular emails despite his claim that he ordinarily sits on them for a few days.
It also seems questionable that anyone would accept an (unencrypted) AOL IM conversation as a reasonable alternative for discussing a topic that otherwise required encrypted emails, but that’s another discussion.
