On 2025-01-03 1:25, Robert J. Hansen via Gnupg-users wrote:
> Let me get this straight: you believe Signal is acting unethically and
> irresponsibly by giving people a superb and secure alternative to SMS
> messaging, just because they don't support PQC.
Actually Signal uses PQC for some time now
On 2023-05-31 16:55, Bernhard Reiter wrote:
> Governikus provides the online service for authenticating your OpenPGP key on
> behalf of the German Federal Office for Information Security (BSI). This
> online service compares the name read from your ID card, your electronic
> residence permit or
On 2023-04-30 21:01, Ineiev via Gnupg-users wrote:
>> All I want is an option to ignore adk's - and it should not claim
>> anything else than that.
>
> Can't you remove ADK subkeys from your keyring?
On someone else's key?
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johan
On 2023-04-30 16:54, Andrew Gallagher via Gnupg-users wrote:
>> That might be, but it is nowhere certain that this escrow will happen,
>> especially if they roll out adk's.
>
> You’re inverting the burden of proof here. The important consideration is
> that E2E can’t prove that a key *wasn’t* es
On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote:
> E2E encryption can’t protect you from your correspondent disclosing your
> communication at the other end.
That is obvious.
> Whether this is done voluntarily or under duress from their employer is an
> opsec issue, not a comsec on
On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote:
> It does not make any sense so have such an option. If a user wants to
> allow colleagues or an archive system to decrypt her mails that is her
> decision.
What I've had in practice in one company: you got a company key with a
personal key
On 2023-04-30 13:22, Andrew Gallagher via Gnupg-users wrote:
> Just curious, what’s the threat scenario here?
The HR department of the receiver.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users mai
On 2023-04-30 1:15, ckeader via Gnupg-users wrote:
> Can't call it that as long as it's under user control (every long option of
> the software has an equivalent config file option. You don't add such a key
> via config or command line, no adsk will happen as it's not configured).
On my key, ye
I get a 404 not found, the last version preesent on the server is 2.4.0.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/g
On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote:
> * gpg: New command --quick-add-adsk and other ADSK features.
> [T6395, https://gnupg.org/blog/20230321-adsk.html]
So you finally caved in to the backdoor demands.
What I'm missing (maybe I just didn't found it?) is an option in my
c
On 2022-05-28 20:29, Werner Koch via Gnupg-users wrote:
> Note the Brainpool curves. Seems that Redhat still patches them out of
> libgcrypt.
Why do they do that? BTW, when I search for brainpool I only find
definitions and RFC's, I seem unable to find why they are needed (or why
they would be p
On 2022-05-25 22:22, Francesco Ariis wrote:
> Paper was first made in the Chinese Empire, around two millennia ago
I see that that was indeed considered what we call paper today, unlike
the ancient Egyptian papyrus.
> Sheets made with high quality pulp survived to this day.
Some sheets survive.
On 2022-05-23 5:01, Stuart Longland via Gnupg-users wrote:
> On the other hand, there are paper recordings that have lasted millennia.
Since paper as we know it today doesn't even exist so long that can't be
true. Maybe you are pointing to the few surviving papyrus texts? Most
have not survived.
On 31-01-2022 18:11, Andrew Gallagher via Gnupg-users wrote:
> This is incorrect. All three of the commonly-used HKP servers can remove
> keys; this has been done for years to remove poison (i.e. oversized)
> keys that cause DoS. However doing so comes with costs.
Yes, that was the issue that I k
On 29-01-2022 18:58, Robert J. Hansen via Gnupg-users wrote:
> But if you're an American without EU ties, the GDPR is yet another piece
> of foreign legislation we don't need to pay attention to. And when
> Europeans baldly say "the GDPR applies worldwide, you must follow it,"
> what we hear is "
On 29-01-2022 4:43, jonkomer via Gnupg-users wrote:
>> When the keyserer operator operates outside
>> of the EU I don't think that is a legal problem.
> If an individual that requests his personal information is
> removed (i.e., the "right to be forgotten") is EU resident,
> GDPR applies regardle
On 28-01-2022 21:02, jonkomer via Gnupg-users wrote:
> How do individual key-server owner/operators react to
> formal GDPR "forget me" requests; either by e-mail users, or
> by mail domain owners? Any known legal precedents?
There are known technical issues: the HKP keyserver does not allow keys
On 23-01-2022 21:23, Robert J. Hansen via Gnupg-users wrote:
> No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard
> interrupts harvested directly from the hardware to get a collection of
> random bits which it then fed into the CSPRNG to be expanded out into a
> large quantit
On 18-01-2022 17:23, Robert J. Hansen via Gnupg-users wrote:
>> 1.4 should be able to decrypt all 2.6 generated data.
>
> Not from the Disastry builds, which extended 2.6 to support newer
> algorithms.
Lucky for me I never use that version, as I never respected the
copyright of the RSA and IDEA
On 18-01-2022 15:54, Robert J. Hansen via Gnupg-users wrote:
>> Well, a bit more respect for backwards compatibility would help a lot
>> by that. Now I'm forced to keep an 1.4 and pgp 2.6 version installed
>> just to be able to read all my old data. Some people just refuse to
>> update to versions
On 17-01-2022 0:09, Robert J. Hansen via Gnupg-users wrote:
> I was asked for help with something in the 1.2 series (!!). Without
> exception, our first response is usually "for the love of God, upgrade!"
>
> They rarely do. It's worked fine for them for a decade or more, and
> they're not goin
On 16-09-2021 12:27, Werner Koch wrote:
> https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.31_202109.exe.sig
The signature file can't be found.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users m
On 14-07-2021 19:32, Стефан Васильев via Gnupg-users wrote:
> from trusted EU sources,
We may have a different idea about "trusted". There are enough fake
official ID's, like undercover police uses.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
On 14-07-2021 15:41, Brandon Anderson via Gnupg-users wrote:
> What exactly stops me, a person wanting to impersonate that user, from
> putting the same QR-Code I got from that public key into my own keypair?
Nothing. This latest EU implementation of a social credit system is
intended to be used
On 13-06-2021 16:06, knighttemplar5--- via Gnupg-users wrote:
> I have been contemplating subscribing to an email forwarding service
> that will encrypt all the forwarded mails to me with my public key.
> Lets imagine the country where the forwarding takes place can see all my
> emails in plain te
On 03-05-2021 15:39, Robert J. Hansen via Gnupg-users wrote:
> and gave her drives a low-level format.
I remember from the stone age (end 1980's begin 90's) that you could
low-level format a disk with the DOS command debug by calling some BIOS
routine by assembler routines.
Modern harddisks don'
On 01-04-2021 17:54, Stefan Vasilev via Gnupg-users wrote:
> Fax is faster than email and arrives, while email delivery to a
> recipient can not
On;y if the recipient has a landline that can always pickup the fax
call. A more and more uncommon situation. I don't have a landline
anymore, no use fo
On 31-03-2021 22:28, Stefan Vasilev via Gnupg-users wrote:
> Hopefully the Industry will take a look at affordable hardware based
> encrypted Fax comms for
Fax? To get the information on paper? In 2021? Why?
> Hardware based AES/DH crypto phones (no smartphones) would be a welcome
> addition too
On 23-03-2021 6:59, Robert J. Hansen via Gnupg-users wrote:
> Last year when the FSF removed him from the Board of Directors, I
> welcomed the news. I hoped the FSF would appoint better leaders. They
> did not: instead, they've reappointed him to the board.
Excelent news, finally a case where c
On 05-01-2021 23:07, Robert J. Hansen via Gnupg-users wrote:
As always, it probably depends on who you have the most to fear from:
your government, corporations, or maybe someone else?
> In Europe it's a lot different. There, the prevailing culture cares a
> lot more about limiting the ability o
On 23-11-2020 7:08, Matthias Apitz wrote:
> Since ages human read mails in ASCII or UTF-8 text. Why you think this
> is not a "human readable format"?
Sure, hand crafted html in a text reader is human readable. But the html
that is vomited by Outlook is not (unless you are a very experienced web
On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> I don't understand why HTML in e-Mails is so important for some people.
I agree on a personal level, but if you use your email also to
communicate with business users (usually using Outlook) it would be nice
to get their mails in a hu
On 13-10-2020 16:46, Dieter Frye wrote:
> Now if any of this remains true today, I cannot tell (I did the research a
> number of years ago so it's possible something changed along the way), but
> even if not, it would still make sense to me to allow for greater (or
> better yet, full) key size to
I wrote:
> It would be nice if GnuPG implemented an override option to use this key
> for decryption anyway.
Sorry, I see from Vincent's mail that GnuPG already does this but it
might be the keycard that is causing this.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/
On 29-08-2020 16:17, Sheogorath via Gnupg-users wrote:
> A closer
> inspection of the key ID showed that it was encrypted with my master
> key. A key that is not marked to be used for encryption.
It would be nice if GnuPG implemented an override option to use this key
for decryption anyway. The al
On 24-08-2020 8:08, Guille De La Torre via Gnupg-users wrote:
> Hello good evening, is it possible to create a key for symmetric
> encryption in such a way that the person who has my public key does not
> need to enter a password? to decrypt.
The receiver uses your public key only to encrypt and
On 19-08-2020 23:28, Ingo Klöcker wrote:
> We need to stop calling such rubbish "theories". Better call it "conspiracy
> myths" or "conspiracy tales" or "conspiracy stories" or anything else that
> makes it clear that (unlike scientific theories) it is not supported by facts.
You mean like the
On 11-08-2020 21:49, vedaal via Gnupg-users wrote:
> There is already a simple existing solution.
Simple is not how I see this.
> [1] Encrypt and decrypt on a computer that has internet hardware disabled.
> [2] Use an Orbic Journey V phone that gets and sends *only text*
> [3] Use a microsd ex
On 11-08-2020 17:18, Stefan Claas wrote:
>> Why hardware? If a bug is found you can't upgrade it easily.
>
> Because hardware can't be tampered with like software.
If a hardware bug is found you're still lost. Even Apple has found out
the hard way.
>> On mobile, encrypted messengers are the nor
On 11-08-2020 11:39, Stefan Claas wrote:
> Based on my proposal, I would like to see in the future (OpenSource)
> *hardware* based encryption products, for at least voice comms, which
> is affordable for the majority of us and easy to use, so that people
> do not need to use good old email encrypt
On 28-07-2020 14:42, Ralph Seichter via Gnupg-users wrote:
> confused with facts. The amount of BS that can be found on Wikipedia is
> case in point.
Do you have examples of this for security related subjects? I know there
are issues with politically sensitive subjects but that has usually
other
On 28-07-2020 14:12, Robert J. Hansen wrote:
> You can't. There is little to no defense possible against a trusted
> insider that's gone rogue. The best you can do is to vet your people
> carefully and, in the event of treachery, to use whatever legal means
> are available to dissuade future tre
On 30-06-2020 12:10, Werner Koch via Gnupg-users wrote:
>> Do not break backwards compatibility if you want all people to upgrade.
>
> Do not update so that the bad guys can exploit your legacy software ;-)
>
> There are well documented reasons what we don't support MDC and PGP3
> keys anymore -
On 29-06-2020 19:40, Werner Koch via Gnupg-users wrote:
> Do not use 1.4 unless you have to decrypt old non-MDC protected data or
> data encrypted to a legacy v3 key.
Do not break backwards compatibility if you want all people to upgrade.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.x
On 18-05-2020 18:16, Robert J. Hansen wrote:
> Instead of
> spending 30 minutes talking about why it's okay if public certificates
> are shared, we could instead just say "we're not going to share your
> public key with anyone without your written consent" and spend those 30
> minutes talking abut
On 16-05-2020 17:56, Robert J. Hansen wrote:
> I tell them, "I will not be able to use OpenPGP with you until such time
> as you UID conforms to the standard.
You confuse "not being able to" with "not willing to".
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.
On 16-05-2020 15:57, Peter Pentchev wrote:
> But it is
> also fine for other people to say "okay, sure, you have your
> experimental features, but I'll wait until they're standardized until
> I do the work on implementing them myself; also, let's discuss whether
> they are even needed."
Have the
On 12-05-2020 17:04, Sylvain Besençon via Gnupg-users wrote:
>> Probably not. The future is elliptical-curve cryptography, which will
>> bring a level of safety comparable to RSA-16384.
Yes, if attacked by classical computers.
> However, I would be interested to know which ECC cipher would you
>
On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote:
> For example, a 256 bit elliptic curve key has a similar strength to a
> symmetric key of 128 bits.
Until, of course, a working quantum computer with more than a few qubits
is constructed. Then ECC is much more vulnerable than RSA or El
On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:
> today is Palindrome-Day!
You can always set your computer's clock to a different date if you like
a specific creation date of course.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
__
On 11-12-2019 22:12, Ajax via Gnupg-users wrote:
> The command: gpg-agent --version gives me the following output:
>
> /---
> gpg-agent: relocation error: gpg-agent: symbol
> assuan_sock_set_system_hooks, version LIBASSUAN_1.0 not defined in
> file libassuan.so.0 with link time referencel
> \
On 17-10-2019 21:18, Robert J. Hansen wrote:
> 1. How should we handle the SKS keyserver attacks?
>
> One school of thought says "SKS is tremendously diminished as a
> resource, because using it can wedge older GnuPG installations and we
> can't make people upgrade. We should recommend people u
On 16-10-2019 17:37, Binarus wrote:
> - either in understanding the APIs and command line parameters of a
> library / utility, and to keep up with changes, or
>
> - in re-inventing the wheel, which in this case for sure will cost much
> more time and eventually produce catastrophic security breac
On 16-10-2019 13:02, Daniel Bossert wrote:
> Is anybody using pgp on Android? I did some years ago, would like to,
> but am afraid of security reason.
I use APG for old pgp 2.x keys and OpenKeyChain integrated in k9 mail
for modern keys. The secret keys are protected by a password, that's my
key
On 14-08-2019 11:38, Alessandro Vesely via Gnupg-users wrote:
> Of course, anonymous key poisoning is a kind of gratuitous vandalism.
> Yet, crypto is supposed to work in a hostile environment.
But this is only an extreme form of what an old keyserver already did:
it issued (I believe every 6 mo
On 16-01-2018 15:16, Phil Susi wrote:
> There isn't merit. It became public, not private, the moment you
> published it. I have the right to free speech, the EU be damned. Are
> these numbnuts going to demand that libraries black out newspaper
> articles on microfilm because they mention someon
ll doesn't work.
Anyone know the status of that server and whether it might get fixed?
Johan Ho
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 28-06-2017 19:35, Joshua Hudson wrote:
> I found out it's really hard to make a key that doesn't say "Digest: ...
> SHA1" in its attributes.
Probably because RFC-4880 states that "Implementations MUST implement
DSA for signatures", and DSA used to be SHA1 ony. I'm not sure if SHA2
can already
On 04-07-2017 18:30, Werner Koch wrote:
>> Is 1.4 vulnerable to this attack as well? I know it ows not use
>> libgcrypt but I'm not sure about the vulnerability.
>
> Maybe. And probably also to a lot of other local side channel attacks.
Is that going to be fixed, or is 1.4 now really considered
On 29-06-2017 9:28, Werner Koch wrote:
> The GnuPG Project is pleased to announce the availability of Libgcrypt
> version 1.7.8. This release fixes a local side-channel attack.
Is 1.4 vulnerable to this attack as well? I know it ows not use
libgcrypt but I'm not sure about the vulnerability.
--
On 05-09-2016 0:45, Robert J. Hansen wrote:
>> Do I smell a little bit of a Stockholm syndrome here?
>
> The Stockholm syndrome is half-pop science and half-real.
I know what it is. You have obviously worked too much with those forces
in law enforcement that prefer that citizens can't keep any s
On 04-09-2016 3:05, Robert J. Hansen wrote:
> Now, of course I don't want the civil authorities to have
> legislatively-mandated back doors into every system. I don't think
> that's an appropriate solution. But I do believe the civil authorities
> need appropriate mechanisms to pursue their lawf
On 24-08-2016 16:27, Robert J. Hansen wrote:
> Ideally, because they present options that may work better than what we
> currently have. Privacy absolutism -- the position that there is *no*
> justification for infringing on individual privacy, even in the case of
> serious crimes -- doesn't offe
On 24-08-2016 15:17, Robert J. Hansen wrote:
>>> 2. If yes, why should we listen to you?
>>
>> The child porn excuse is used too often...
>
> But this doesn't answer my question.
>
> Why should we listen to a privacy absolutist?
Why would we listen to anyone for that matter?
>> You can tr
On 24-08-2016 8:41, Werner Koch wrote:
> Whether the current German rules on when and how constitutional rights
> on privacy can lawfully be suspended are still in compliance with the
> constitution is a different question.
They can try the French method: declare the state of emergency after
some
On 24-08-2016 4:26, Robert J. Hansen wrote:
> 1. Are you a privacy absolutist?
Yes.
> 2. If yes, why should we listen to you?
The child porn excuse is used too often. The terrorism card is also
played often (not that it would help much against that as all known
exmples show). And
In
http://www.heise.de/newsticker/meldung/Justiz-soll-verschluesselte-Terror-Kommunikation-auswerten-koennen-3302594.html
(German), the German and French government are attacking the right to
encrypt communication of their serfs. Also because of their violent
anti-encryption opinion I was glad to s
On 01-08-2016 17:54, whi...@mixnym.net wrote:
> I see that there are three versions of GnuPG available. Assuming
> no hardware constraints, is there any reason to choose Classic 1.4
> or Stable 2.0 instead of Modern 2.1? It appears to do everything
> the others can and more.
It does not. If you
On 31-03-2016 3:41, listo factor wrote:
> On 03/30/2016 12:16 PM, listo factor - listofac...@mail.ru wrote:
> 1) Is it correct that this particular device maker designed a
> sophisticated hardware-based system with the specific purpose of
> thwarting the brute-forcing of ridiculously low-entropy u
On 30-03-2016 20:08, Robert J. Hansen wrote:
> My position: "The FBI already had precedent on their side from clubbing
> other smaller companies, and they decided they finally had enough legal
> support to go after the big fish: Apple."
I didn't see this from the legal files, but did the FBI used
On 30-03-2016 15:46, Robert J. Hansen wrote:
>> The FBI wanted clearly an easy access to ALL devices and a court ruling
>> to force other companies into compliance...
> I try not to get involved in conspiracy theories, but this one's just...
> outrageous.
Why would this be an outragious conspira
On 30-03-2016 14:16, listo factor wrote:
> If this is all essentially correct, someone who knows that
> the content of his device-at-rest is extremely valuable to an
> attacker would surely use a pass-phrase of adequate length, and
> thus make a potential cooperation from the device builder to
> h
On 30-03-2016 13:28, Robert J. Hansen wrote:
>> AFAIK the Cellbrite hack works by replacing the boot manager and so
>> being able to overwriting system memory, just as custom recoveries do on
>> Android phones.
>
> It's also worth noting that we'll likely discover what the exploit was
> in the ne
On 30-03-2016 11:31, Paolo Bolzoni wrote:
AFAIK the Cellbrite hack works by replacing the boot manager and so
being able to overwriting system memory, just as custom recoveries do on
Android phones.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
_
On 30-03-2016 11:31, Paolo Bolzoni wrote:
> The TPM contains the AES key protected with the password,
AFAIK on the iPhone 5c at last the password this is not in some special
TMP. Only the iPhones with a fingerprint scanner (5s and above) have
that hardware and should not be vulnerable to that kin
On 07-02-2016 5:59, Robert J. Hansen wrote:
> LaTeX is unique among document processing systems in that it can
> effortlessly represent the correct orthography for the rock group Spinal
> Tap (which uses a Turkish dotless lowercase i and a Jacaltec umlauted
> n), but that comes with a steep price:
On 24-12-2015 17:02, Matthias Apitz wrote:
> I do not fully understand why some 4 random words like
>
> Correct, horse! Battery staple!
>
> is a better passphrase like, for example
>
> Und allein dieser Mangel und nichts anderes führte zum Tod.
I do know that using accented chara
On 17-12-2015 21:29, Robert J. Hansen wrote:
> http://www.technologyreview.com/news/544516/user-error-compromises-many-encrypted-communication-apps/
Signal assumes TOFU, and warns if the key is changed. That can have a
ligitimate reason (new installation), or indicate an attempted mitm
attack. Wh
On 06-10-2015 16:07, Robert J. Hansen wrote:
> Australian researchers have figured out how to make a quantum gate on a
> silicon chip. This is interesting work, because we've spent a *lot* of
> money learning how to etch silicon. Being able to build quantum gates
> on the same material that our
On 28-09-2015 22:26, Robert J. Hansen wrote:
> RSA-3072 is not all that much stronger than RSA-2048, and RSA-4096 adds even
> less.
AFAIK RSA-3072 (and ElGamal-3072) are comparable to AES-128. That's
strong enough for the forseable future; the only known thing they are
vyulnerable to (except for
On 06-09-2015 12:02, Peter Lebbing wrote:
> Is there any reason to provide 64-bits binaries, BTW? It's an unbiased
> question, I simply don't know. Does it provide any benefits?
Perhaps they accept larger files or can use more memory? I do remember
once compiling the pgp 2.6.3ia sources with Visu
On 04-09-2015 0:46, Robert J. Hansen wrote:
> Here's the question I really want people to answer: "At what point do we
> tell people, 'no, that data format has been obsolete for twenty years,
> we're not going to support it any more, it's not even close to
> conforming to the RFCs we implement'?"
On 28-08-2015 23:27, Werner Koch wrote:
> You want better software? Then make it less complex and separate tasks
> - 2.x does just that - since 2003.
Less complex by introducing communication issues between all separate
parts? We clearly have a different idea of complexity. Separartion of
tasks
On 28-08-2015 18:52, Robert J. Hansen wrote:
> You don't get clearer than that. PGP 2.6 is a dead letter. Obsolete.
Yes, I agree.
> And with PGP 2.6 being obsolete, so are V3 keys.
No they are not. Reading encrypted archives might be usefull,
re-encrypting received mails is impractical and re
On 28-08-2015 18:12, Peter Lebbing wrote:
> 1.4 is fully supported, but occupies a niche. Support is not dropped, nobody
> forces you to upgrade.
It's starting to feel a little bit with ECC not coming to 1.4 (missing
function required to exchange messages with 2.1 users) and v3 key
support remove
On 27-08-2015 23:37, Robert J. Hansen wrote:
> The 2.x branch is the future of GnuPG development, has been for some
> years now, and is what the GnuPG developers recommend for new users.
I see this attitude a lot among software developers and it irritates me:
drop support for "obsolete" features
On 27-08-2015 20:41, Robert J. Hansen wrote:
> My rationale for this is simple: we don't want to encourage new users to
> use 1.4. We want to encourage new users to use 2.0 and/or 2.1.
Why? I still use 1.4. It is easily usable through the command line if
needed, while 2.x has a very complicated
On 17-07-2015 21:48, Philip Neukom wrote:
> I'm having some problems with my key that was created a long time ago
> (1994) but updated with new emails over the years.
Then it's a v2 key, and unfortunately GnuPG dropped support for v2 keys.
But fortunately you can install a copy of GnuPG 1.4.x alo
On 27-03-2015 14:21, Martin Behrendt wrote:
> So especially when introducing new algorithms which might be tampered
> with, using e.g. an old style RSA Key as one layer and ECC as a second
> should help against this. Or am I missing something here?
Why would you want to use a suspect algorithm if
On 26-03-2015 9:59, Mike Ingle wrote:
> Is this just a backward
> compatibility thing, or is the security of ECC keys not fully trusted yet?
The buzz about Dual_EC_DRBG made it clear that it is possible to design
curves where the designers have access to data that allows them to
compromise the sy
On 15-03-2015 23:24, Jose Castillo wrote:
> but my sense is that more people are vulnerable to passphrase-sniffing
> malware than they are to someone sneaking very close to them with
> an evil device.
However, perhaps even more people are vulnerable to confisquation by
authorities. If they find a
On 02-03-2015 22:23, ved...@nym.hush.com wrote:
> http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/
>
> I wouldn't trust it with my real key, but would make a new
> 'smartphone' key signed with my real key, and comment it as
> for phone use only.
You can't, it uses an own key scheme
On 01-03-2015 13:27, Jonathan Schleifer wrote:
> You are assuming it will be spoofed for everyone. It could just
> be spoofed for you. Anybody who can MITM you and give you a fake
> SSL cert that you accept
Well, perhaps they could if the ONLY way I communicated wit someone
would be electronicall
On 01-03-2015 22:01, flapflap wrote:
> Just think about the "grandchild trick" ([0], unfortunately not in
> English) which is a method where the criminals phone (often elder)
> people and tell them that they are a grandchild, nephew, or other remote
> relative and need some money for some reason
On 28-02-2015 18:56, Christoph Anton Mitterer wrote:
> I'm not sure but I fear you have some deep misunderstanding of
> cryptography...
I'm not talking about mathematically proving something. After all, a
government agency could make a false key with Werner Koch's name on it
and send someone who
On 28-02-2015 18:21, Christoph Anton Mitterer wrote:
> Not sure what you refer to,... but if it's authentication schemes like
> ZRTP (which TextSecure wouldn't use)...
No it's not, it is much simpler. When I call my wife and are in fact
connected with a computer or agent impersonating her, they a
On 28-02-2015 15:09, Daniel Kahn Gillmor wrote:
> We had this discussion recently over on messag...@moderncrypto.org.
What is described there is a much more confined problem.
> It's far from "trivial", but breaking voice-based authentication
> (particularly in the already-noisy realm of mobile p
On 28-02-2015 13:40, Peter Lebbing wrote:
> On 28/02/15 13:28, Johan Wevers wrote:
>> I don't see even the NSA breaking that.
>
> Heh, famous last words ;).
OK, not cryptographically. They could always try to bribe/threat/torture
someone to cooperate. But that model fails if
On 27-02-2015 22:30, Christoph Anton Mitterer wrote:
> I meant in the sense that I want to trust e.g. Werner's key but haven't
> met him in person yet,... but I might have an indirect trustpath to him
> via some other persons (which I do trust).
> Obviously I'll need any intermediate keys (and eno
On 27-02-2015 19:16, Christoph Anton Mitterer wrote:
> This is basically what they want: Anonymous cryptography, whose complete
> security is based on some good luck whether you've communicated with the
> right peer the first time.
In practice the Textsecure protocol works well of couyrse because
1 - 100 of 397 matches
Mail list logo
