Does it make sense to pipe yescrypt/Argon2id as passphrase for gpg?

2021-08-13 Thread Philippe Cerfon via Gnupg-users
Dear list members. I would like to use gpg's symmetric encryption feature but with passphrase hashing from either yescrypt or Argon2id. Neither of them seems to be natively supported, so I wondered whether the following would actually work out as I have it in mind. To my understanding a KDF lik

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
On Fri, Sep 11, 2009 at 12:39 AM, Robert J. Hansen wrote: > That's three examples of things that will unexpectedly break if SHA-1 > falls.  A complete laundry list would go for pages and pages and pages. >  I'd suggest reading comp.risks; they might have something on point. Thanks,.. got what you

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen wrote: > I understood him to mean the "key ID" as the fingerprint of the > certificate's primary signing key, rather than checking each bit of the > certificate's primary signing key individually. I meant the fingerprint, yes. But now that you sa

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
Hello Daniel. On Thu, Sep 10, 2009 at 6:22 PM, Daniel Kahn Gillmor wrote: > The Key ID is a substring (either the last 8 or 16 hex chars) of the Key > Fingerprint (which is 40 hex chars).  The Key ID is used nowhere in the > internals of the OpenPGP specification, from what i can tell. I think

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
On Thu, Sep 10, 2009 at 5:08 PM, David Shaw wrote: > The real headache here is (as always) the practical - what to do with > existing keys and such.  I suspect that removing SHA1 would effectively mean > a new key type for OpenPGP (again, not a disaster - we're on our 4th key > type today). Ok,..

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
Hi Robert. On Thu, Sep 10, 2009 at 4:54 PM, Robert J. Hansen wrote: > Probably.  However, if SHA-1 gets totally broken we'll have a lot bigger > things to worry about than OpenPGP. What specifically do you mean? Crypto-stuff in banking etc.? > As soon as you find an attack, then we can discu

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
Hi Robert. On Thu, Sep 10, 2009 at 3:59 PM, Robert J. Hansen wrote: > Not really.  If there were good reasons to believe OpenBSD's entropy > collector was better than Linux's, the Linux crew would fix the code, > maybe even borrowing OpenBSD's entropy collector. Ah,.. right... it was the other

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
On Thu, Sep 10, 2009 at 3:45 AM, David Shaw wrote: > Yes, but it won't actually go away completely.  SHA1 is special in OpenPGP. >  Unlike the other hashes, SHA1 is required to be supported.  Removing SHA1 > from an OpenPGP preference list doesn't actually remove it, but instead > effectively puts

Re: howto secure older keys after the recent attacks

2009-09-10 Thread Philippe Cerfon
Hi Robert. On Thu, Sep 10, 2009 at 3:05 AM, Robert J. Hansen wrote: > Add these lines to your gpg.conf file: > > personal-digest-preferences SHA256 SHA224 SHA384 SHA512 RIPEMD160 > personal-cipher-preferences AES128 3DES > [...] And you think this is enough? Not removing and recreating and olde

howto secure older keys after the recent attacks

2009-09-09 Thread Philippe Cerfon
Hi. Now something more realistic and practical. I'm using gpg for anonymous but secured communication together with some of my friends for some years now. Recently I've read on several attacks on SHA1 and AES256 that could also affect gpg and its keys. So what I'd like to see is some step by s