On Thu, Jul 25, 2013 at 02:59:17PM +0200, Manu García wrote:
snip
>
> I always thought that GnuPG was rather secure, but it seems that among
> experts it's a well known weak and poor ciphering technology which no
> security experts consider seriously. At least that's th
On 7/25/2013 3:34 PM, takethe...@gmx.de wrote:
> why should I trust gpg4win? I have doubts since it was ordered by the
> "Bundesamt für Sicherheit in der Informationstechnik (BSI)", which has
> close connections to secret services. Is gunPT any better? Finally, why
> should I trust gunpg? I'm a win
Hi,
can a plain text document be clear signed by multiple keys at the same
time? (Hold by different people.)
One can create a plain text file a, clear sign it and get a.asc. Another
one can clear sign a.asc and get a.asc.asc.
One who wants to verify it, can first verify the signature of the seco
This topic is not yet solved for me, sorry for the long inactivity...
I tried the following approach which is inspired by the debian hints [1][2].
[1] http://keyring.debian.org/creating-key.html
[2] http://wiki.debian.org/subkeys
# preparing clean environment for testing
$ mkdir /data/tmp/todel/g
On 07/25/2013 07:34 PM, takethe...@gmx.de wrote:
> Hi everybody,
>
> why should I trust gpg4win? I have doubts since it was ordered by the
> "Bundesamt für Sicherheit in der Informationstechnik (BSI)", which has
> close connections to secret services. Is gunPT any better? Finally, why
> should I t
On Thu, 25 Jul 2013, takethe...@gmx.de wrote:
why should I trust gpg4win? I have doubts since it was ordered by the
"Bundesamt f?r Sicherheit in der Informationstechnik (BSI)", which has
close connections to secret services. Is gunPT any better? Finally, why
should I trust gunpg? I'm a windows
On Thu, 25 Jul 2013 21:33, takethe...@gmx.de said:
> Which mailing lists are meant? Can't emails be tempered, too? If I've
The GnuPG mailing list and all the mailing list archives. If an
attacker would modify the archive on the gnupg.org server, he would also
need to change the independent archi
On Thu, 25 Jul 2013 21:34, takethe...@gmx.de said:
> why should I trust gpg4win? I have doubts since it was ordered by the
> "Bundesamt für Sicherheit in der Informationstechnik (BSI)", which has
> close connections to secret services. Is gunPT any better? Finally,
If you are interested in my tak
Am Do 25.07.2013, 18:31:17 schrieb Robert J. Hansen:
> Why should you trust GPG4WIN? Beats me. That's on you.
No. That is a question that can easily be answered by the public (in both
directions) and already has been answered here. Not the "why" is up to him but
the final "whether" is. :-)
On 07/25/2013 12:59 PM, Manu García wrote:
> Hi.
>
> I'm not a member of this list, but have read an article that I'd like to
> share, and put into your knowledge (if you don't know it already) because I
> think is rather important.
> In said article, about security in the Cloud you can read this:
On 7/25/2013 3:34 PM, takethe...@gmx.de wrote:
> why should I trust gpg4win?
It's been years -- 25 years or more -- since I've read Victor Milan's
"The Cybernetic Samurai." I only remember one scene from the novel, but
it's a scene of such vividness that it's been permanently burned into my
brain
Hi list,
when I try to generate a key in batch mode, I get an error whenever
Key-Type and Subkey-Type is "default". I'm wondering if I'm doing
something wrong or if this is a bug.
There is no problem when I replace the value "default" with a proper
algorithm name (such as RSA).
This is the comm
On 7/25/2013 8:59 AM, Manu García wrote:
> I'm not a member of this list, but have read an article that I'd like
> to share, and put into your knowledge (if you don't know it already)
> because I think is rather important.
It is not very important, to be honest, but we still thank you for
bringin
Hi, Reference:
> From: atair
> Date: Thu, 25 Jul 2013 21:17:43 +
atair wrote:
...
Therefore, changes that look like
back doors are VERY unlikely to find their way in a release, because
hundreds of people are looking how the software evolves and will
reject such a patch.
...
I believe the issue here is that if you are running inside a virtual
machine, information can leak between VMs and the VM host about certain CPU
flags/etc. This can lead to the ability to steal data.
In general GnuPG is pretty secure and does a good job at keeping data
protected even if an adversar
On 07/25/2013 12:59 PM, Manu García wrote:
> Hi.
>
> I'm not a member of this list, but have read an article that I'd like to
> share, and put into your knowledge (if you don't know it already) because I
> think is rather important.
> In said article, about security in the Cloud you can read this
On 7/25/13, takethe...@gmx.de wrote:
> Hi everybody,
>
> why should I trust gpg4win? I have doubts since it was ordered by the
> "Bundesamt für Sicherheit in der Informationstechnik (BSI)", which has
> close connections to secret services. Is gunPT any better? Finally, why
> should I trust gunpg?
On 07/25/2013 08:59 AM, Manu García wrote:
> Are devs taking some measures to make GPG really secure?
I am not an encryption expert, but if I were going to store a lot of
stuff in the cloud, I would not use GPG or any other public (assymetric)
key encryption system. I would use a simpler symmetric
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Werner Koch wrote on 7/25/13 6:26 AM:
> Hello!
>
> We are pleased to announce the availability of a new stable GnuPG-1
> release: Version 1.4.14. This is a *security fix* release and all users
> of GnuPG < 2.0 are advised to updated to this version.
Hi.
I'm not a member of this list, but have read an article that I'd like to
share, and put into your knowledge (if you don't know it already) because I
think is rather important.
In said article, about security in the Cloud you can read this:
«Michael Bailey, a computer security researcher at th
Hi everybody,
why should I trust gpg4win? I have doubts since it was ordered by the
"Bundesamt für Sicherheit in der Informationstechnik (BSI)", which has
close connections to secret services. Is gunPT any better? Finally, why
should I trust gunpg? I'm a windows user.
Thanks for any answers,
Hi everybody,
on http://www.gnupg.org/download/integrity_check.en.html
SHA1 sums of gnupg software are published and it is said:
"To be sure that this page has not been tampered, you may want to
compare the list below with the one included in the announcement mail
posted to several mailing lis
On Tue, 23 Jul 2013 06:34, m...@0x01b.net said:
> As I understand it, I can create an authentication subkey and use some utility
> to convert that to an ssh key. If this conversion is possible, then why can't
> the gpg-agent consider private auth (sub)keys along with ssh keys loaded via
> the SSH_
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 24 July 2013 at 10:33:18 AM, in
, Philipp Klaus Krause wrote:
> I just want multiple security levels: Decrypt mail
> addressed to the university address, but not mail
> addressed to my private address on the university
> computer.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 24 July 2013 at 5:09:13 PM, in
, Einar Ryeng wrote:
> it is primarily the _person_ I trust, not e.g. his
> employer
Assuming you mean the everyday usage rather than the OpenPGP-specific
meaning of the word "trust." There are ple
Hello!
We are pleased to announce the availability of a new stable GnuPG-1
release: Version 1.4.14. This is a *security fix* release and all users
of GnuPG < 2.0 are advised to updated to this version. See below for
the impact of the problem.
For users of GnuPG >= 2.0 a new version of Libgc
Hello!
I am pleased to announce the availability of Libgcrypt version 1.5.3.
This is a *security fix* release for the stable branch.
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of O
On 7/25/2013 2:05 AM, Heinz Diehl wrote:
The listserver should deliver the listmail with a "reply-to" header
which points back to the list. I do that manually to avoid that simply
hitting the reply-button sends mail directly to the sender, and not to
the list. In procmail, something like that wil
28 matches
Mail list logo
