On 23 February 2017 at 19:24, wrote:
> Today was announced that SHA1 is now completely broken
> https://security.googleblog.com/2017/02/announcing-first-
> sha1-collision.html
This is nonsense.
Google security team calling sha1 "completely broken" simply means google's
security team is complet
5f3160"
→ wot:pubkeyAddress → http://melvincarvalho.com/melvincarvalho.asc
← is cert:key of ← Melvin Carvalho
...
→ foaf:mbox → "mailto:melvincarva...@gmail.com";
There exist web standards to do this. Would it be helpful at all for this
use case?
>
> S
On 24 December 2015 at 17:02, Matthias Apitz wrote:
>
> Hello,
>
> I do not fully understand why some 4 random words like
>
> Correct, horse! Battery staple!
>
> is a better passphrase like, for example
>
> Und allein dieser Mangel und nichts anderes führte zum Tod.
>
> i.e. some
This is a great conversation in general, including the inventors of the web
and the internet, pushing for more crypto
http://www.w3.org/2015/10/27-tpac-minutes.html
Vint: I would like to challenge people who are concerned about
security...is there some irreducible level of inconvenience that's ne
On 1 October 2015 at 22:30, Kristian Fiskerstrand <
kristian.fiskerstr...@sumptuouscapital.com> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 10/01/2015 10:28 PM, Melvin Carvalho wrote:
> >
> >
>
> ...
>
> >
> > Reference:
On 1 October 2015 at 17:56, Jon Millican wrote:
> On 26 September 2015 at 03:24, Christian Heinrich <
> christian.heinr...@cmlh.id.au> wrote:
> >
> > So as far as I am aware there is no integration with the Facebook
> > GraphAPI yet :(
>
> Hi, I'm Jon - I work on OpenPGP support at Facebook. I th
On 1 October 2015 at 17:56, Jon Millican wrote:
> On 26 September 2015 at 03:24, Christian Heinrich <
> christian.heinr...@cmlh.id.au> wrote:
> >
> > So as far as I am aware there is no integration with the Facebook
> > GraphAPI yet :(
>
> Hi, I'm Jon - I work on OpenPGP support at Facebook. I th
ive been looking at UID in gpg
http://tools.ietf.org/html/rfc4880#section-5.11
is there any way to add an URL instead of an email address?
or to have both an emall and URL in a cert?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg
On 15 August 2015 at 17:25, Damien Goutte-Gattat
wrote:
> On 08/15/2015 03:35 PM, Melvin Carvalho wrote:
>
>> Is it possible to go the other way? openssh -> gpg
>>
>> I recently wrote an openssh -> X.509 converter in nodejs
>>
>> https://github.co
On 15 August 2015 at 08:50, Damien Goutte-Gattat
wrote:
> On 08/14/2015 10:44 PM, Kai Lemke wrote:
>
>> gpg v2.1 claims to be easy to use for SSH-authentification, too.
>> For me that's really great, because you can have on public key with
>> subkeys for all purposes, but I tried some configs I f
On 1 June 2015 at 16:30, Robert J. Hansen wrote:
> Facebook has just this morning announced limited support for OpenPGP.
> At present, it's limited to allowing users to upload an OpenPGP
> certificate, and Facebook using that certificate to encrypt all email
> communications between Facebook and
On 15 December 2014 at 19:40, Robert J. Hansen wrote:
> Keybase (https://keybase.io) is trying to solve the Web of Trust problem
> in a new way. They're currently in beta, but I was able to snag an
> invitation. (I have no invites to give out, unfortunately.) The following
> is just a write-up
On 4 February 2014 15:47, Daniel Kahn Gillmor wrote:
> On 02/04/2014 09:01 AM, Mark H. Wood wrote:
> > Having said that, you might look at how OpenSSH has included X.509
> > certificates in its operation. There is precedent for something like
> > what you suggest.
>
> fwiw, the answer here is "t
On 4 February 2014 15:47, Daniel Kahn Gillmor wrote:
> On 02/04/2014 09:01 AM, Mark H. Wood wrote:
> > Having said that, you might look at how OpenSSH has included X.509
> > certificates in its operation. There is precedent for something like
> > what you suggest.
>
> fwiw, the answer here is "t
On 10 June 2013 10:46, Henry Hertz Hobbit wrote:
> My personal observations agrees with Rob Hansen's studies 100%.
> Even when required to use encryption people hate doing it and
> their concept is entirely focused on the ciphering with them
> thinking that people who use encryption are trying to
On 3 June 2013 19:20, Daniel Kahn Gillmor wrote:
> On 06/03/2013 08:04 AM, Melvin Carvalho wrote:
>
> > Bitcoin is essentially a ledger where you have an array of fingerprints
> > (160 bit hashes of a public key) and a value (number of coins in wallet).
>
> i thought that
On 1 April 2013 19:46, Daniel Kahn Gillmor wrote:
> On 04/01/2013 12:24 PM, adrelanos wrote:
>
> > gpg uses only(?) 40 chars for the fingerprint.
> > (I mean the output of: gpg --fingerprint --keyid-format long.)
>
> this is a 160-bit SHA-1 digest of the public key material and the
> creation dat
On 3 April 2013 19:39, Andreas Mattheiss wrote:
> Well, uhm, if it's really important to you:
>
> The concept of hashes/fingerprints/etc. is that it is (next to) impossible
> to find an entity-to-be-hashed (here a key) if you specify the hash. In
> fact a hash function that allows you to do this w
On 2 April 2013 18:45, Daniel Kahn Gillmor wrote:
> On 04/02/2013 05:40 AM, Melvin Carvalho wrote:
> > In bitcoin you have the concept of a 'vanity key' much like vanity
> license
> > plates, see:
> >
> > https://bitcointalk.org/index.php?topic=25804
In bitcoin you have the concept of a 'vanity key' much like vanity license
plates, see:
https://bitcointalk.org/index.php?topic=25804.0
I wonder if there is anything similar for public keys in GPG?
What would you iterate on, the key or the fingerprint?
___
On 2 April 2013 02:04, Robert J. Hansen wrote:
> On 4/1/2013 6:38 PM, Melvin Carvalho wrote:
> > differential path attack. On 8 November 2010, he claimed he had a fully
> > working near-collision attack against full SHA-1 working with an
> > estimated complexity equi
On 1 April 2013 22:50, David Tomaschik wrote:
> On Mon, Apr 1, 2013 at 10:46 AM, Daniel Kahn Gillmor <
> d...@fifthhorseman.net> wrote:
>
>> On 04/01/2013 12:24 PM, adrelanos wrote:
>>
>> > gpg uses only(?) 40 chars for the fingerprint.
>> > (I mean the output of: gpg --fingerprint --keyid-format
On 23 December 2012 23:17, Daniel Kahn Gillmor wrote:
> On 12/23/2012 04:42 PM, Hauke Laging wrote:
> > Am So 23.12.2012, 16:31:01 schrieb Daniel Kahn Gillmor:
> >
> >> the ssh specification declares the use pgp-style certificates:
> >>
> >> https://tools.ietf.org/html/rfc4253#section-6.6
> >>
>
On 5 December 2012 23:15, Patrick Baxter wrote:
> On Tue, Dec 4, 2012 at 5:29 AM, Melvin Carvalho
> wrote:
> >
> > Not sure I've grokked everything in this thread, but some thoughts.
> >
> I'm working on the TL;DR version :).
>
> > Tying a key to
On 12 November 2012 10:13, Werner Koch wrote:
> On Sat, 10 Nov 2012 20:33, melvincarva...@gmail.com said:
>
> > gpg --import-ownertrust trustdb.gpg
>
> That does not work. --import-ownertrust expects the format as produced
> by --export-ownertrust. What you can do is to put trustdb.gpg into an
On 8 November 2012 14:01, Werner Koch wrote:
> On Thu, 8 Nov 2012 09:37, melvincarva...@gmail.com said:
>
> > Does anyone know if there's a safe way to recover my web of trust, or
> > should I make an ultimately trusted key first, and start from scratch?
>
> ssh otherbox rm .gnupg/trustdb.gpg
>
I've just managed to recover my gpg key from an old machine that died.
But the trust db was not imported.
Does anyone know if there's a safe way to recover my web of trust, or
should I make an ultimately trusted key first, and start from scratch?
___
Gn
On 6 October 2012 18:34, Daniel Kahn Gillmor wrote:
> On 10/06/2012 09:53 AM, Melvin Carvalho wrote:
> > Is it possible to construct a GPG 'Certificate' from an existing RSA key
> > pair?
> >
> > I've got some 2048 RSA keys I'd like to reu
On 6 October 2012 16:15, Hauke Laging wrote:
> Am Sa 06.10.2012, 15:53:25 schrieb Melvin Carvalho:
> > Is it possible to construct a GPG 'Certificate' from an existing RSA key
> > pair?
> >
> > I've got some 2048 RSA keys I'd like to reuse, is ther
Is it possible to construct a GPG 'Certificate' from an existing RSA key
pair?
I've got some 2048 RSA keys I'd like to reuse, is there any way I can use
them to make everything I need for GPG?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lis
On 24 August 2012 22:06, Robert J. Hansen wrote:
> On 08/24/2012 08:24 AM, peter.segm...@wronghead.com wrote:
> > I propose to you (and to the people who are putting all that hard
> > work into gpg) that there are actually two "things killing PKI":
>
> At risk of sounding dismissive, I really don
On 24 August 2012 14:24, wrote:
> On 23/08/12 17:07, Robert J. Hansen - r...@sixdemonbag.org wrote:
>
>>
>> Deploying PKI is nowhere near as big of a problem as convincing people
>> that PKI adds benefit to their lives.
>>
>
> and
>
> Right now the number one thing killing PKI is the fact nobody
On 16 December 2011 18:50, Daniel Kahn Gillmor wrote:
> On 12/16/2011 10:51 AM, gn...@lists.grepular.com wrote:
>> I understand that once you've uploaded something to the keyservers, it
>> can't be removed. Eg, if I sign someone elses key and upload that, it
>> will be attached to their key perman
On 30 October 2011 05:21, Eric Abrahamsen wrote:
> I own a small business that works with contractors all over the world,
> and I'm currently scratching my head over the issue of signing
> contracts. I know that gpg can/has been used to this purpose, but I
> wanted to ask the list's advice. There
On 17 October 2011 20:11, Werner Koch wrote:
> Hi!
>
> Over the last year Marcus and me discussed ideas on how to make
> encryption easier for non-crypto geeks. We explained our plans to
> several people and finally decided to start a project to develop such a
> system. Obviously it is based on
On 11 October 2011 22:32, Robert J. Hansen wrote:
> Accurate to 6%, there are 2**25 seconds in a year. Worth remembering:
> it makes certain kinds of computations much easier. (It follows there
> would be about 2**35 seconds in a thousand years, or 2**45 seconds in a
> million.)
>
> E.g., let's
On 7 October 2011 20:55, Aaron Toponce wrote:
> On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote:
>> On Fri, 7 Oct 2011 11:51, aaron.topo...@gmail.com said:
>> > gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot >
>> > ~/.gnupg/pubring.dot 2> ~/.gnupg/pubring.error.txt
>>
>
On 7 October 2011 17:54, Aaron Toponce wrote:
> On Fri, Oct 07, 2011 at 12:46:32PM +0200, Melvin Carvalho wrote:
>> This is awesome, thanks!
>
> No problem. It's pretty crazy stuff.
>
>> Is it possible to get a dump of all the signatures in a particular key
>>
On 7 October 2011 11:51, Aaron Toponce wrote:
> On Fri, Oct 07, 2011 at 10:26:59AM +0200, Melvin Carvalho wrote:
>> Just wondering is there a way to browse the GPG web of trust?
>>
>> Is some of the signing data public and downloadable, or is it mainly private?
>
> Ye
Just wondering is there a way to browse the GPG web of trust?
Is some of the signing data public and downloadable, or is it mainly private?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
I've noticed that some apps add some fields on the end of your public
key e.g. in Retroshare, the end of my key looks like this:
-END PGP PUBLIC KEY BLOCK-
--SSLID--5bcc296e6b3e40c859a031dd6c0d07b3;--LOCATION--home;
In this case:
SSLID=5bcc296e6b3e40c859a031dd6c0d07b3
LOCATION=home
A
On 2 August 2011 20:10, Sébastien wrote:
> Hello,
> I would like to know an easy way to get numbers used in a key.
> For example, in a RSA key, N and e (used like this: message^e modulus N)
Why do you want N and E?
I think exponent is almost always 65537
Some apps display these numbers, e.g. fi
On 28 July 2011 16:01, MFPA wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi
>
>
> On Thursday 28 July 2011 at 12:53:41 PM, in
> , Jay Litwyn wrote:
>
>> Attaching a photo to your public key might
>> help. So might putting a phone number on your public
>> key.
>
> I'm not too conv
43 matches
Mail list logo
