[liberationtech] How Laura Poitras Helped Snowden Spill His Secrets

[collin@sibilance.org (Collin RM Stocks)]

While this is something that could be possible, it is unlikely to have 
actually occurred. In reality, there is some security in ensuring that 
there is only one opportunity for an adversary to compromise 
communication. If they miss that opportunity, the adversary's game is over.

So, unless either 1) you are already of particular interest to the NSA, 
or 2) the NSA makes a habit of performing MitM attacks on people who 
email their public key, this protocol is probably safe for you. Not 
"256-bit equivalent" (or even "40-bit equivalent") safe, but probably safe.

On 08/21/2013 03:43 PM, Tony Arcieri wrote:
> On Wed, Aug 21, 2013 at 5:16 AM, Eugen Leitl <eugen@leitl.org
> <mailto:eugen@leitl.org>> wrote:
>
>     This past January, Laura Poitras received a curious e-mail from an
>     anonymous
>     stranger requesting her public encryption key. For almost two years,
>     Poitras
>     had been working on a documentary about surveillance, and she
>     occasionally
>     received queries from strangers. She replied to this one and sent
>     her public
>     key â?? allowing him or her to send an encrypted e-mail that only
>     Poitras could
>     open, with her private key
>
>
> Then the NSA MitMed her unauthenticated plaintext email, replacing her
> public key with theirs, and were able to intercept all of the Snowden
> emails. Oops!
>
> --
> Tony Arcieri