On 12/4/2012 3:03 PM, sben1783 wrote:
> Yes, I meant to use the MD5 checksum of the original file, not its
> original name. I'm still interested whether this would be "insecure"?
Let's not even use the word insecure, since that word is wholly
subjective: there's no agreed-upon definition for what
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 04-12-2012 18:18, Allen Schultz escribió:
> GnuPG-Users:
>
> I was wondering where that article was about seperating the master
> key from daily subkeys (both signing and encrypting). I can't seem
> to find it. Are there other articles on the s
GnuPG-Users:
I was wondering where that article was about seperating the master key
from daily subkeys (both signing and encrypting). I can't seem to find
it. Are there other articles on the similar methodologies that are still
secure. And is it still recommended that I sign another's keys with th
Hello
I trid it with gnupg 2.0.19-1 from debian testing - PIN is not requested from
the card reader.
here is the log file. I did use testing keys and non-productive PIN so I hope I
did not post anything sensitive
2012-12-04 22:05:10 scdaemon[16008] listening on socket
`/tmp/gpg-iJ5FQq/S.scdae
On Tue, 4 Dec 2012 14:40:22 +0200, "yyy" wrote:
There isn't enough entropy in a filename for an MD5 checksum to give
much in the way of secrecy.
It seems that MD5 checksum is computed from file contents, not name.
Yes, I meant to use the MD5 checksum of the original file, not its
original n
Meant to post this to the list. Blame gmail.
-- Forwarded message --
From: Nicholas Cole
Date: Tue, Dec 4, 2012 at 7:10 PM
Subject: Re: Seperate RSA subkeys for decryption and signing or one for both?
To: Hubert Kario
> How do you propose an attacker could force me to sign dat
On Tue, Dec 4, 2012 at 5:32 PM, Hubert Kario wrote:
> On Tuesday 04 of December 2012 16:07:26 Nicholas Cole wrote:
>> On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario wrote:
>> > On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
>> >> Do any problems arise with the smartcard if the same key
On Tuesday 04 of December 2012 16:07:26 Nicholas Cole wrote:
> On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario wrote:
> > On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
> >> Do any problems arise with the smartcard if the same key shall do
> >> different
> >> tasks?
> >
> > Keys can bec
On Tuesday 04 of December 2012 16:07:26 Nicholas Cole wrote:
> On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario wrote:
> > On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
> >> Hello,
> >>
> >> are there arguments for preferring either
> >>
> >> a) having one RSA subkey for decryption onl
On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario wrote:
> On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
>> Hello,
>>
>> are there arguments for preferring either
>>
>> a) having one RSA subkey for decryption only and one for signing only
>>
>> or
>>
>> b) having only one RSA subkey for b
RFC 4880 says this in the "Security Considerations" part:
> * Many security protocol designers think that it is a bad idea to use
> a single key for both privacy (encryption) and integrity
> (signatures). In fact, this was one of the motivating forces
> behind the V4 key format w
On Tuesday 04 of December 2012 14:14:34 Hauke Laging wrote:
> Am Di 04.12.2012, 13:19:11 schrieb Hubert Kario:
> > Keys can become "used up" so it entirely depends on how often you use it.
> >
> > What I mean by that, is that any signing operation leaks some information
> > about the key used for
There isn't enough entropy in a filename for an MD5 checksum to give
much in the way of secrecy.
It seems that MD5 checksum is computed from file contents, not name.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/
Am Di 04.12.2012, 13:19:11 schrieb Hubert Kario:
> Keys can become "used up" so it entirely depends on how often you use it.
>
> What I mean by that, is that any signing operation leaks some information
> about the key used for signing (generally far less than few tens of a bit).
> If you have sig
On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
> Hello,
>
> are there arguments for preferring either
>
> a) having one RSA subkey for decryption only and one for signing only
>
> or
>
> b) having only one RSA subkey for both decryption and signing?
>
> Do any problems arise with t
15 matches
Mail list logo
