Re: No, it is not.

2011-04-27 Thread Thomas Harning Jr.
On Wed, Apr 27, 2011 at 4:19 PM, M.R. wrote: > For most individuals who really *need* (as opposed to those > that do it as a matter of ideology or principle) to protect > their communication, the need to keep confidential who is > communicating with whom is as important as is the protection > of t

No, it is not.

2011-04-27 Thread M.R.
For most individuals who really *need* (as opposed to those that do it as a matter of ideology or principle) to protect their communication, the need to keep confidential who is communicating with whom is as important as is the protection of the content. Current "secure computer communication sys

Re: Updating signature cert-level

2011-04-27 Thread Kevin Kammer
On Wed, Apr 27, 2011 at 08:59:49AM -0400 Also sprach David Shaw: Incidentally, it is possible to tweak the trust calculations to take signature level into account. GnuPG supports reading a trust "map" generated by an external process that can use whatever trust rules it likes. I don't know of

Re: Passphrase

2011-04-27 Thread David Shaw
On Apr 26, 2011, at 6:38 PM, Stephen H. Dawson wrote: > Hi, > > > Dire need, hoping for help. > > I have my private and public keys, but you have neither the passphrase nor a > revocation certificate. I need to revoke my published key. Can they > recommend a bash script to discover the p

Re: Keylogers

2011-04-27 Thread Robert J. Hansen
On Wed, 27 Apr 2011 12:56:19 -0400, Mike Acker wrote: > This is why we need the Software Audit Tool I've discussed at times on > various boards. The Software Audit Tool will need to be on a separate, > read-only, bootable media such as a DVD. On boot-up it would mount the > C: drive of the targ

Re: Updating signature cert-level

2011-04-27 Thread David Shaw
On Apr 27, 2011, at 1:25 PM, Kevin Kammer wrote: > On Wed, Apr 27, 2011 at 08:59:49AM -0400 Also sprach David Shaw: > >> Incidentally, it is possible to tweak the trust calculations to take >> signature level into account. GnuPG supports reading a trust "map" >> generated by an external process

HTTPS as well

2011-04-27 Thread Mike Acker
On 14:59, Robert J. Hansen wrote: >> yep. Phil Zimmerman noted that in his original essay on PGP. If you >> > have a malware infection you can no longer speak to what your computer >> > is or is not doing. > In fact, it's quite a bit worse than that. Your traffic is secure only so > long as both

Re: Keylogers

2011-04-27 Thread Mike Acker
On 04/27/2011 09:10, Robert J. Hansen wrote: >> yep. Phil Zimmerman noted that in his original essay on PGP. If you >> > have a malware infection you can no longer speak to what your computer >> > is or is not doing. > In fact, it's quite a bit worse than that. Your traffic is secure only so > l

Company name

2011-04-27 Thread Simona Kehler
Good day! Help us come up with a name for a company; we will be installing windows in Moscow! A name was thought up for our friends here http://sovetuem.in/main/18-kak-pridumat-nazvanie-firmy.html but it did not suit us!

Re: Is the OpenPGP model still useful?

2011-04-27 Thread Robert J. Hansen
On Wed, 27 Apr 2011 10:11:51 -0400, Charly Avital wrote: > I'm buying. > > May I cross-post and quote, with attribution (CC3 maybe)? Sure. Consider it CC BY-ND. Repost how you like, commercial use OK. :)

Re: Is the OpenPGP model still useful?

2011-04-27 Thread Robert J. Hansen
On Wed, 27 Apr 2011 11:09:00 -0400, "Mark H. Wood" wrote: > o Media-hopping: each segment can be treated separately. The users >know there is a thread of conversation but the technologies do >not. So, is this point relevant? Yes. E.g., OpenPGP messages cannot be reduced to fit in an

Re: Is the OpenPGP model still useful?

2011-04-27 Thread Werner Koch
On Wed, 27 Apr 2011 17:09, mw...@iupui.edu said: > o Agreed: OpenPGP is difficult. Nope. It is not difficult. The trust model most of us are using is difficult to explain and to use properly. However this model (Web of Trust) has nothing to do with OpenPGP; it is not even specified in RFC488

Re: Passphrase

2011-04-27 Thread John Clizbe
Stephen H. Dawson wrote: > Dire need, hoping for help. > > I have my private and public keys, but you have neither the passphrase > nor a revocation certificate. I need to revoke my published key. Can > they recommend a bash script to discover the passphrase using brute > force on the private k

Re: Is the OpenPGP model still useful?

2011-04-27 Thread Charly Avital
Robert J. Hansen wrote the following on 4/27/11 9:48 AM: > (The subject line may be provocative, but please don't think I'm arguing > that it's not useful. I don't know. I just had an idea a couple of > days ago, and I figure it might be worth some discussion.) > > > > OpenPGP takes its origin

Re: Is the OpenPGP model still useful?

2011-04-27 Thread Mark H. Wood
Some thoughts: o Agreed: OpenPGP is difficult. o Media-hopping: each segment can be treated separately. The users know there is a thread of conversation but the technologies do not. So, is this point relevant? o Who is the attacker? A government with sufficient motivation and mo

Re: Re: Passphrase

2011-04-27 Thread Sven Radde
Hi! On 20:59, Mark H. Wood wrote: > someone probably could suggest a brute-force tool I tried to respond to this thread already, but somehow mixed up email settings and my replies appear to be lost, so let's try again: There's a tool called "nasty" that does 'pure' brute forcing:

Re: Passphrase

2011-04-27 Thread Mark H. Wood
On Wed, Apr 27, 2011 at 02:29:51AM -0400, Grant Olson wrote: > Issuing a revocation would be more critical if you thought the key had > been compromised. But if the private key inaccessible to everyone, > including you, I don't think there are any exploits you need to worry about. Maybe he thinks

Re: Passphrase

2011-04-27 Thread Mark H. Wood
On Tue, Apr 26, 2011 at 09:37:57PM -0700, Robert Holtzman wrote: > On Tue, Apr 26, 2011 at 06:38:11PM -0400, Stephen H. Dawson wrote: > > Hi, > > > > > > Dire need, hoping for help. > > > > I have my private and public keys, but you have neither the passphrase nor a > > revocation certificate

Re: A better way to think about passwords

2011-04-27 Thread Ben McGinnes
On 27/04/11 7:04 PM, Aaron Toponce wrote: > On Sun, Apr 17, 2011 at 03:49:58PM -0700, Doug Barton wrote: >> Summary: A 3-word password (e.g., "quick brown fox") is secure against >> cracking attempts for 2,537 years. >> >> http://www.baekdal.com/tips/password-security-usability > > I'm just going

Is the OpenPGP model still useful?

2011-04-27 Thread Robert J. Hansen
(The subject line may be provocative, but please don't think I'm arguing that it's not useful. I don't know. I just had an idea a couple of days ago, and I figure it might be worth some discussion.) OpenPGP takes its origins from ClassicPGP, which in turn comes out of a military threat mode

Re: Keylogers

2011-04-27 Thread Robert J. Hansen
> yep. Phil Zimmerman noted that in his original essay on PGP. If you > have a malware infection you can no longer speak to what your computer > is or is not doing. In fact, it's quite a bit worse than that. Your traffic is secure only so long as both endpoints are secure. Depending on who doe

Keylogers

2011-04-27 Thread Mike Acker
On 14:59, Faramir wrote: > If there are key loggers involved, then you are toasted, even if the > passwords are kept inside your mind instead of a password database. At > the moment you type them, they would be captured. Of course, we might > say it is better to lose one password at a time, and n

Re: Updating signature cert-level

2011-04-27 Thread David Shaw
On Apr 27, 2011, at 5:11 AM, Aaron Toponce wrote: > On Tue, Apr 26, 2011 at 01:12:00PM -0700, Doug Barton wrote: >> I think you can delsig, then sign again. The keyservers would have >> both, but hopefully client software (like gpg) would be smart enough >> to use the more recent? I would imagine

Re: A better way to think about passwords

2011-04-27 Thread Aaron Toponce
On Sun, Apr 17, 2011 at 03:49:58PM -0700, Doug Barton wrote: > Summary: A 3-word password (e.g., "quick brown fox") is secure against > cracking attempts for 2,537 years. > > http://www.baekdal.com/tips/password-security-usability I'm just going to drop this here: http://www.troyhunt.com/2011/04/

Re: A better way to think about passwords

2011-04-27 Thread Aaron Toponce
On Tue, Apr 26, 2011 at 07:47:55PM -0300, Faramir wrote: > Indeed. In fact, I keep some passwords on paper, just in case I can't > use my password manager (like the password to access the site where I > stored the password manager database backup. It doesn't include the > passphrase to open the b

Re: Updating signature cert-level

2011-04-27 Thread Aaron Toponce
On Tue, Apr 26, 2011 at 01:12:00PM -0700, Doug Barton wrote: > I think you can delsig, then sign again. The keyservers would have > both, but hopefully client software (like gpg) would be smart enough > to use the more recent? I would imagine that revoking a signature > and then signing again would