-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 03-10-2013 17:48, Alejandro Szita escribió:
> Dear All,
>
> I am a new member to this list, so first of all thank you so much
> for your time and consideration in helping me out, I hope I can
> return the favour in the near future.
>
> My system
I set up ssh authentication a long time ago according to the second half
of this guide (with smartcard):
http://www.programmierecke.net/howto/gpg-ssh.html
It worked without an issue until I recently upgraded to Ubuntu 13.10.
After the upgrade I had to disable the gnome-keyring-ssh and
gnome-keyring
On 10/27/2013 4:21 PM, Mark Schneider wrote:
> Are there formal reasons why the max length of the RSA key is limited in
> gnupg[2] linux packages to 4096 Bits only?
Yes; because past 3072 bits it's time to go to something other than RSA.
Several respectable organizations (not only NIST) have done
Am 27.10.2013 20:41, schrieb Werner Koch:
On Sun, 27 Oct 2013 17:47, gn...@oneiroi.net said:
Numbers please? Or are you talking about personal/subjective impressions?
What about you running some benchmarks for us? Let's say: a 4k RSA key
signed by 90 other 4k RSA keys, 8 2k RSA keys, and one
"Robert J. Hansen" wrote:
>Let's say that tomorrow I lose my passphrase and make a new keypair.
>Then in 25 years someone approaches me with a signed OpenPGP message
>dated Christmas 2013, saying "I agree to pay you one million dollars at
>Christmas 2038." I scream it's a forgery, they scream it'
Hello,
On 10/27/2013 08:41 PM, Werner Koch wrote:
> On Sun, 27 Oct 2013 17:47, gn...@oneiroi.net said:
>
>> Numbers please? Or are you talking about personal/subjective impressions?
>
> What about you running some benchmarks for us? Let's say: a 4k RSA key
> signed by 90 other 4k RSA keys, 8 2k
On Sun, 27 Oct 2013 17:47, gn...@oneiroi.net said:
> Numbers please? Or are you talking about personal/subjective impressions?
What about you running some benchmarks for us? Let's say: a 4k RSA key
signed by 90 other 4k RSA keys, 8 2k RSA keys, and one 8k RSA key. For
security reasons key signa
On 27-10-2013 18:36, Robert J. Hansen wrote:
> Consumer-grade hardware is a decadent Garden of Eden. However, the tiny
> little processor that monitors chemical levels at your local water
> treatment plant is going to be embarrassingly low-powered.
That's fine, but I doubt I'll ever email such a
Hi,
On 10/27/2013 07:47 PM, Peter Lebbing wrote:
> On 27/10/13 19:09, Filip M. Nowak wrote:
>> 1) Specialized microcontrollers with crypto capabilities are available
>> and used for years now (AVR XMEGA which is 8 bit for example)
>
> AVR XMEGA has DES and AES, no asymmetric acceleration. Also, I
On 27/10/13 19:09, Filip M. Nowak wrote:
> 1) Specialized microcontrollers with crypto capabilities are available
> and used for years now (AVR XMEGA which is 8 bit for example)
AVR XMEGA has DES and AES, no asymmetric acceleration. Also, I think the market
of XMEGA is phenomenally tiny compared t
List, Robert.
On 10/27/2013 06:36 PM, Robert J. Hansen wrote:
> On 10/27/2013 12:47 PM, Filip M. Nowak wrote:
>> All this comes with a price of
>> increased processing power requirement and most of the hardware vendors
>> are doing really good here (really happily).
>
> In the embedded space it's
On 10/27/2013 12:47 PM, Filip M. Nowak wrote:
> All this comes with a price of
> increased processing power requirement and most of the hardware vendors
> are doing really good here (really happily).
In the embedded space it's still quite common to see 8-bit processors
used as PICs. We're just be
On 10/27/2013 10:54 AM, Hauke Laging wrote:
> BTW: Where is the FAQ? I hope this question does not seem too stupid...
I posted a link to it yesterday.
https://github.com/rjhansen/gpgfaq/blob/master/gpgfaq.xml
___
Gnupg-users mailing list
Gnupg
On 10/27/2013 10:41 AM, MFPA wrote:
> Couldn't a cryptographically broken algorithm also raise the problem
> of forged digital signatures?
Yes and no. The mistake people make when discussing digital signatures
is to treat them as a purely mathematical exercise rather than as
something that exist
On 10/27/2013 10:04 AM, MFPA wrote:
> Which raises the question in my mind: was SHA really flawed, or was it
> advantageous to NSA's purposes to have people use SHA-1 instead?
It's amazing what you can discover by checking Wikipedia.
SHA was deeply flawed. The civilian cryptanalytic community br
On 10/27/2013 8:21 AM, Johan Wevers wrote:
> Well, both are not broken after substantial research. Further, a break
> of ElGamal would also break RSA but not the other way around.
If you can compute discrete logs in a finite field, then you can factor,
yes, and the reverse is not guaranteed to be
On 10/27/2013 7:15 AM, Johan Wevers wrote:
> Does RSA have any advantages over ElGamal/DSA?
It's simpler to implement. That's a nontrivial benefit.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 10/27/2013 01:32 PM, Peter Lebbing wrote:
> (...)
> But the following layout is sensible on some level:
Which more or less means exactly nothing.
> 3072-bit RSA primary for certification (C)
> 2048-bit RSA subkey for data signatures (S)
> 3072-bit RSA subkey for encryption (E)
>
> (...)
Hi,
On 10/26/2013 02:13 PM, Werner Koch wrote:
> On Sat, 26 Oct 2013 11:35, b...@beuc.net said:
>
>> Plus, following this principle, why doesn't gnupg default to 4096 if
>> there isn't any reason not to? I would suppose that if gnupg defaults
>
> 4k primary RSA keys increase the size of the sig
The two curerent discussions – one about the FAQ, the other one with "we
discussed that back then" statements – make me guess whether it makes sense to
link such threads in the FAQ.
BTW: Where is the FAQ? I hope this question does not seem too stupid... The
one one gnupg.org calls itself outda
>> "Werner" == Werner Koch writes:
> On Sun, 27 Oct 2013 10:23, p...@heypete.com said:
>> Correct, though it is possible (but usually recommend against) to
>> create a new certificate using the same private keypair as before. In
> The business model of most CAs is to sell you a subsc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 26 October 2013 at 12:39:58 AM, in
, Paul R.
Ramer wrote:
> Well, this assumes that you need 25 years of security.
> If your messages *must* remain uncrackable for that
> length of time, you may want to take many more measures
> t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 26 October 2013 at 4:16:32 PM, in
, Hauke Laging wrote:
> Why should anyone 25+ years from now spend a huge
> amount of resources in order to read a tiny part of
> today's everyday communication (or a big part in 40
> years)? That
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 27 October 2013 at 6:42:31 AM, in
, Robert J. Hansen wrote:
> The NSA never went public with the precise
> vulnerability in SHA that caused them to develop and
> release SHA-1, but they were quite open and public
> about SHA being in
On 27/10/13 12:53, Johan Wevers wrote:
> But the few encrypted messages people get via email can easily be handled by
> a much slower CPU than I have now. My reading speed is the limiting factor
> there, not the computers decrypting speed.
I was thinking of automated systems doing verifications,
On 27/10/13 13:21, Johan Wevers wrote:
> Which makes me think, is it possible to generate a 2048 bit RSA signing
> key combined with a 3072 or 4096 bit encryption key?
Yes, although I don't think it makes sense to create an X-bit primary key with a
Y-bit subkey if X is smaller than Y as the attack
On 27-10-2013 13:11, Peter Lebbing wrote:
> I think RSA has seen more cryptanalysis than DSA and ElGamal, which is in
> favour
> of RSA.
Well, both are not broken after substantial research. Further, a break
of ElGamal would also break RSA but not the other way around.
The rest of the arguments
On 27/10/13 13:11, Peter Lebbing wrote:
> A signature by a 2048-bit DSA key is twice as large as a signature by a
> 2048-bit
> RSA key, but offers the same order of strength.
Oops. I just read Werners message, and I had it reversed :). Taking a look at
RFC 4880, I see that a 2048-bit key has a 25
> Yes, which leads to another question: why has the default switched from
> ElGamal/DSA to RSA after the RSA patent expired?
Okay, first of all, I'm doing something wrong here, I should group my responses
and think a little longer about it. This is mail, not chat. My apologies.
I think RSA has se
On Sun, 27 Oct 2013 12:15, joh...@vulcan.xs4all.nl said:
> ElGamal/DSA to RSA after the RSA patent expired? Does RSA have any
> advantages over ElGamal/DSA? The only one I can think of is less
It is in general faster and there are OpenPGP implementations which only
support RSA (despite that the s
On 27-10-2013 12:30, Peter Lebbing wrote:
> But I can think of another one: much more hardware support. Both smartcards
> and
> crypto-accelerators either in a general purpose CPU or as a module in a
> computer.
I had not thought of the crypto cards, but the only crypto hardware
acceleration in
On 2013-10-27 12:30, Peter Lebbing wrote:
I think this is a very important one
Hmmm you press Send and you think: I might have overstated that.
Where's unsend? I think it's a real advantage of RSA. I don't think it's
a very important one, because other broken parts can compromise stuff
just
On 27/10/13 12:15, Johan Wevers wrote:
> The only one I can think of is less dependence of a correctly functioning
> RNG.
I think this is a very important one, as we've seen with the debacle with
OpenSSL in Debian where DSA keys were compromised even when just used to create
a signature[1].
But I
On 26-10-2013 14:13, Werner Koch wrote:
> 4k primary RSA keys increase the size of the signatures and thus make
> the keyrings longer and, worse, computing the web of trust takes much
> longer.
Yes, which leads to another question: why has the default switched from
ElGamal/DSA to RSA after the RS
On Sun, 27 Oct 2013 10:23, p...@heypete.com said:
> Correct, though it is possible (but usually recommend against) to
> create a new certificate using the same private keypair as before. In
The business model of most CAs is to sell you a subscription by setting
the expiration time very low so tha
On Sun, Oct 27, 2013 at 11:01 AM, Uwe Brauer wrote:
>
>> If you generate a new keypair for the new certificate (which is
>> probably a good idea) then gpgsm (and presumably any other
>> certificate-using software) will figure out what private key will be
>> needed to decrypt a part
> If you generate a new keypair for the new certificate (which is
> probably a good idea) then gpgsm (and presumably any other
> certificate-using software) will figure out what private key will be
> needed to decrypt a particular message and, so long as you still have
> the private
On Sun, Oct 27, 2013 at 9:53 AM, Uwe Brauer wrote:
>>> "Werner" == Werner Koch writes:
>
>> On Sat, 26 Oct 2013 22:03, o...@mat.ucm.es said:
>>> know by the date of the certificate which certificate to use for which
>>> message?
>>>
>>> - old for old messages
>
>> Note, t
>> "Werner" == Werner Koch writes:
> On Sat, 26 Oct 2013 22:03, o...@mat.ucm.es said:
>> know by the date of the certificate which certificate to use for which
>> message?
>>
>> - old for old messages
> Note, that there is no need for a certificate for decryption - only the
Hi,
On Sat, Oct 26, 2013 at 06:29:26PM -0400, Robert J. Hansen wrote:
> On 10/26/2013 3:40 PM, Sylvain wrote:
> > Thanks for your answer. To foster spending less time on these
> > discussions, how about this? :)
>
> Hi! I'm the quasi-official FAQ maintainer. You can read the current
> text of
On Sat, 26 Oct 2013 22:03, o...@mat.ucm.es said:
> know by the date of the certificate which certificate to use for which
> message?
>
> - old for old messages
Note, that there is no need for a certificate for decryption - only the
private key is required. The certificate is only used to sh
On Sun, 27 Oct 2013 00:29, r...@sixdemonbag.org said:
> Hi! I'm the quasi-official FAQ maintainer. You can read the current
> text of the FAQ at:
While we are at it. What about making it the official one, i.e. change
the licenses to CC-by-ca/GPL? Given the importance of a FAQ I think we
shoul
42 matches
Mail list logo
