I think the idea is this one: What if your closed source Super Encryption Enterprise Edition generates keys on your own desktop, with this backdoor built in?
People had always known that sort of thing could be abused, but this is a method of doing so which isn't overly obvious.
Enter the email address associated with your account, and we'll email you a link to reset your password.
That would apply then to any algorithm, operating system, random number generator, or anything you use in life, not just RSA. Pretty weak argument against RSA
Mugur Constantin, 28 years old, from Radauti, Romania. He is a Computer Technician in London.
twitter.com/ravenul same nickname, face and constitution
rav3n.3x.ro «Raven Love to Hack Your Sistem!»
rav3n.3x.ro/aboutme.htm name, age(17 in 2002 when the page was created) and sign matches with profiles on other websites
rav3n.3x.ro/favorite.htm is friends with «sageata» and is from Radauti
ravenul.3x.ro/ «Raven & Popa Lucian-Constantin» aka (sageata)
www.facebook.com/CinemaStar.net Popa Lucian-Constantin aka «sageata» also from Radauti
www.facebook.com/profile.php?id=100006897076995&and=CinemaStar.net Mugur Constantin and Popa Lucian-Constantin are friends
www.sfatulmedicului.ro/profil/ravenul_141487 this «ravenul» is 28 yo
www.bascalie.ro/ravenul this «ravenul» is 28 yo and a taurus
1337day.com/author/19589 this «ravenul» likes hacking
groups.google.com/forum/#!topic/linux.redhat.rpm/EEYsVl-dDMI this «ravenul» is interested in linux and security
This port does have some subtle implementation errors, though.
The embedded key is the master *private* key, so anyone with this code can recover any RSA keys generated with it. I submitted a pull request on github that fixes it.
For those asking «who uses private keys generated by untrusted sources» — this could be implemented in hardware, for example a smart card. Binaries you don't have the source for or didn't compile yourself could also be affected.
You don't know how deep that hacker's rabbit hole goes, so you should have simply recovered/backedup the user's data, configuration files, etc, and filled the rabbit hole with cement — the format and reinstall the OS kind of cement.
Cool story though.