A question of netiquette: Is it acceptable to do this on a first post
to a public list?
IIRC, Autocrypt specifies a way for public keys to be transferred in an
email header that's parsed by Autocrypt-aware clients and not rendered
or acted upon by non-aware clients. Seems like the best thing
In theory, with long-enough (perhaps too long for practical use) RSA
keys, conventional factoring would be /easier/ than Shor's algorithm. Is
there such a "turnover" point?
When talking about science fiction technologies, the only answer is "who
knows?" You'll hear me say that a lot here.
If
Breaking RSA-4096 via Shor's algorithm is straight out of science
fiction.
No, *this* is science fiction:
I stand by my statement. RSA-4096 via Shor's requires science fiction
level technology advances.
Signal is acting ethically and responsibly: They have had hybrid-PQC
fully deployed to
Do I understand correctly that, while the complexity of
conventional factoring scales with a logarithm of RSA key length,
Shor's algorithm has a space requirement that scales linearly, but
the engineering challenges implied by that linear growth scale
exponentially?
The keyspace equivalency is m
Following the (very rough) rule of thumb that each additional bit
requires two additional qubits...
Five. Five additional qubits. Apparently the wrong constant is stuck in
my head, I'm sorry.
OpenPGP_signature.asc
Description: OpenPGP digital signature
__
I have been looking for hard numbers for the applicability of Shor's
algorithm to RSA for a long time.
They're hard to come by, because we mostly only know theoretical limits.
It requires a flat minimum, last I checked, of quantum gates on the
order of (lg N)^2(lg lg N)(lg lg lg N) to run the
A disquisition could here ensue on the long-term security reasons why
everyone should start using ky1024_cv448 encryption subkeys RIGHT NOW.
This could only be true if everyone holds to a threat model in which
their data being collected by the MDR and potentially decrypted by a
First World nat
But our users know what GnuPG is, and they would, we assume,
trust it without any prompting from us.
As a guy who's been supporting users in communications security issues
since 1991, please forgive me for sharing some very hard-earned wisdom.
Never assume anything about your clients. If some
We distribute a particular set of symmetrically-encrypted files,
and would like to give Apple users the ability to decrypt those
using a simple terminal command-line, without the need for them
to "install" anything on their computers.
At risk of sounding disloyal to GnuPG, this isn't a very good
A question to both Robert and Marco:
Where did you get your gnupg(s) from?
GnuPG 2.4.6 from Homebrew on Apple Silicon.
OpenPGP_signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg
It won't be listed by --list-keys and doesn't give an error message.
It does, in fact.
rjh@sarah ~ % gpg --recv-keys 0x020898F03962F8B76B42D9F1E805C860F0E3CCB5
--verbose
gpg: Note: '--verbose' is not considered an option
gpg: "--verbose" not a key ID: skipping
gpg: key E805C860F0E3CCB5: no us
Counter modes are evil and thus not used.
Evil? Howso? I know there's a malleability problem, but GnuPG has used
an HMAC since what, 1999, so that problem was mitigated decades ago. Is
there another set of problems I'm unaware of?
OpenPGP_0x1E7A94D4E87F91D5.asc
Description: OpenPGP publ
Please don't send HTML to this list. Some of the people you really hope
will see your email won't look at HTML email. :)
I am having no luck with trying to encrypt a file with a key that I
would like to use.
This isn't really a GnuPG use case. If you're looking for an AES256
encryption or
Is AES256 using ecb or cbc mode?
Depends on which version of GnuPG you're using. Older versions used an
idiosyncratic cipher feedback mode, newer versions use counter mode (I
believe).
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lis
I am not suggesting that world leaders should continue to use 1024 bit
RSA to store their nuclear installation locations or sign their
offical pronouncements.
"So for current OpenPGP usage, 1024 bit RSA is for all practical
purposes secure."
That was you, two messages ago. Now you're saying 10
A nation state with the ability to crack 1024 bit RSA would not spend
years and billions of dollars on the messages/files of a single
entity.
They absolutely would, in a heartbeat, and they'd consider it a bargain.
Imagine some major world power has a copy of an old message from
Vladimir Putin
to skip PGP-2 keys in existing keyrings. And of course the PGP-2
encryption has not been broken - only signatures are vulnerable to the
full MD5 hash algorithm attacks we know for 25 years.
Given that PGP 2.6 offered "military-grade" 1k RSA keys, I think it's
dangerous to think PGP 2.6 encrypt
Unfortunately the GPH is way to old to be useful. I also doubt that we
have a working docbook toolchain availabale to build the GPH from
source.
The FAQ is also increasingly out of date. Since I put it down years ago
(as a protest against RMS' continued involvement in the Free Software
movem
Thank you for reply. I was thinking about speeding up the encryption
process. But if that's not possible then that's how it is.
Thank you for sending a plain-text email to the list! :)
The answer is a little complicated, but this should be an
accurate-enough explanation.
Encryption speed is
Please do not send HTML to this list. Many of the people you very much
hope to read your questions will not read HTML email.
Anyone knows if there is a way to use all CPU threads with
*gnupg-desktop-2.4.3.0-x86_64.AppImage* ?
What exactly are you hoping to speed up? The classic mode of encr
Please don't send HTML to this list.
gpg: key "6O0PDA84A36B6C98B261AC2020546703CDADFA53" not found
That's not a valid key ID. Key IDs are strings of hexadecimal digits.
Your second 'digit' there is the letter O, which is not a valid hexit.
gpg --delete-secret-keys CDSXFA53
That's not a
My name is Snowden.
I don't care.
And I cannot send a decrypted version of the mail.
Then please learn how to do so.
To recap:
1. There is no point in a 32kbit RSA key.
2. For that reason, GnuPG doesn't allow you to generate one.
3. I will not help you do something that has no point.
4.
I will not answer encrypted messages posted to the list. This is a
public mailing list. Signatures are fine, but encrypted
person-to-person messages are not.
Also, please do not send HTML email to the list. Many of the people you
hope will read your email refuse to read HTML email.
OpenPG
I don't know that there's anything to file a bug about. I
don't see any non-rsa4096 keys on the Tails website:
One of their certificates has a Curve-25519 subkey. I wonder if that's
what the original poster saw, and mistook it for being a 25,519-bit
subkey.
How do I upp the limit of the RSA-key to 32768?
First, come up with a reason why you need one.
A 2048-bit key is hypothesized to possess about 112 bits of entropy; a
3072-bit key, about 128; a 16k-bit, about 256. You very rapidly reach a
point of dramatically diminishing returns. A 32k key
(Please forgive the HTML email, sending from my phone)Given Python is effectively single-threaded through the global interpreter lock, this may turn out to be a total non-issue. Although I don't have an immediate answer for you I'd suggest starting by learning how Python's multi-threading support i
It would be helpful to know why I can't get compression in my build.
I've tried to build from source three times now.
The answer is very simple: because you are building it incorrectly. We
can provide you with the answers, but we can't give you the software
development skills needed to correc
why can't gpg accept passphrase in the terminal?
Depending on how you invoke GnuPG, it can. It supports a lot of
different ways of providing the passphrase.
The one that might work best for your purposes is to put the passphrase
in a file, passphrase.txt, and then invoke GnuPG like this:
Why does gpg-agent interject itself into symmetric encryption at all?
Where in that command line do you specify a passphrase?
You don't.
gpg-agent is getting fired up in order to ask you what passphrase to use
for the symmetric encryption.
___
Gnu
When I choose a RSA3076 key, keyserver.pgp.com will accept it.
When i choose an ed25519 key, keyserver.pgp.com tells me it is a v3-key.
keyserver.pgp.com is *old* and doesn't understand how to use ed25519
keys. It is erroneously telling you it's a v3 key, when the reality is
keyserver.pgp.com
On a lark I went looking for the current iteration of PGP. It was
bought by Symantec some years ago, and the last I heard they'd renamed
it to "Symantec Encryption Desktop". However, Symantec no longer has it
available for sale or download, and scouring their site turns up
basically nothing.
Subject: How did Edward Joseph Snowden use GnuPG to uncover the
secrets of the National Security Agency?
Short answer: he didn't.
GnuPG is one of the tools that Snowden used to
uncover the secrets of the NSA.
This is incorrect.
According to Glenn Greenwald, he used GnuPG to communicate priv
Some years ago after they first published their OpenPGP certificate, Enigmail reached out to them offering training on effective use of OpenPGP and technical support for GnuPG and Enigmail. No cost, Enigmail had a core member who lived near their offices (namely, me), let us know how we can support
3. I could use the ent command which measure the entropy, high
entropy is an indication of encryption (but jpg have also high
entropy). However I should then study the distribution of each
letter to be sure.
A JPEG *body* has high entropy. The JPEG *header* has very
It seems not as much the binary name seemed the problem but the
dnf/yum/rpm dependency.
Here's where I hate to sound like a jerk, but I can't help you. I'm not
an AIX guy and I don't do packaging for it. This is a packaging issue,
not a GnuPG one. :(
There might be an AIX person on the li
1 What is the difference between gnupg2 and gnupg-2.X.X?
Possibly quite a lot. GnuPG exists in three different branches. For
sake of simplicity I'll call them "modern", "standard", and "classic".
Modern: GnuPG 2.3 and later.
Standard: GnuPG 2.2
Classic: GnuPG 1.4
The differences among them
Since paper as we know it today doesn't even exist so long that can't
be true. Maybe you are pointing to the few surviving papyrus texts?
Most have not survived.
I've personally seen paper ballots from elections in the Senate of
ancient Rome. Admittedly, this was 15 years ago so I can no lon
You're barking up the wrong tree: It wasn't me who brought politics to
this list.
You're the one who is turning a single throwaway line in someone's
signature block into an angry argument.
Nonsense. The OP issued a statement, I replied and that could have been
it. It is you who is obviously
Just as I am free to comment on a political statement that I find
provocative, blatantly wrong and in the context of current events almost
derisive.
Excepting that this is not a mailing list for politics.
Matthias has a line in his signature that you object to. I object to
it, too, but the on
Given recent events: can't you spare us your stupid signature?
Matthias should be, and is, free to advocate for his beliefs in his
signature.
If we don't stand up for people's right to peacefully say things we
don't like, we have failed as a community.
I say this as an American who's a fan
First of all, thank you for taking your time to reply to this email. I
tried it using the -l flag. The config file was found in the directory
before that. Below is the command I executed.
I don't want to sound dismissive or discouraging, but you may want to
consider whether you have the necessa
You will have much better luck if you send only plain-text emails to
this list. Some of the people you'd really like to see your email
refuse to read HTML email, on the grounds that it's a security risk.
I've quoted your entire message below as plaintext to help you reach
these people.
To re
Sounds like a defect to me, do you have a problem report ticket with
Thunderbird or a forum entry which described the problem in more detail
(like which version is affected).
It turns out the actual behavior is a little different than I originally
described. If you have a valid certificate wit
Whoever told you SHA-1 is broken was gravely in error. There are certain areas of the cryptographic space where it is no longer recommended. There are others where it's strong as a rock.As part of an iterated key derivation function, SHA-1 is still believed safe. There's no reason to shy away from
How can I fix this?
Specify a different keyserver.
keyserver.pgp.com was a commercial keyserver run by PGP Corporation, or
whichever corporate entity owned the PGP intellectual property at the
time. Network Associates gave way to PGP Security gave way to Symantec
gave way to...
The PGP in
Yes, I know, Thunderbird doesn't use GnuPG. However, for those who do:
apparently, Thunderbird is a big fan of attaching public certificates
(and/or revocation certificates, for revoked keys) to outgoing emails
for *every private certificate on your keyring*, regardless of whether
that private
this is my first post here. I'm an experienced Dev and FOSS contributor
which worked quite some with gpg recently.
Welcome to the party, pal!
:)
1. Who takes care for tasks like updating the website?
Ingo already addressed this fully and correctly, so I'll skip.
2. Difference of pu
Forgive my terseness, on from my phone. The OP may find this message from the archives to be useful:https://lists.gnupg.org/pipermail/gnupg-users/2021-December/065639.htmlOn Feb 2, 2022 3:59 AM, Ingo Klöcker wrote:On Mittwoch, 2. Februar 2022 08:30:56 CET B1773rm4n via Gnupg-users wrote:
> Hello,
However, the opposite also occurs: some US companies appear to be
shocked when I, as a European without any ties to the US, claim I won't
comply to a DMCA request because we don't have such a law here.
Yes! And when American companies are so foolish as to demand an EU
citizen comply with a DMC
If person1 has a signed and encrypted email to person 2, but which
used IDEA and MD 5, and now wants to decrypt, and re-encrypt and
sign, and send to person 2, who will then destroy the original
email, why shouldn't they be allowed to know if this is safe.
They *are* allowed. Th
Unrelated note: I find the rhetoric of a few posts in this thread
absolutely astounding. From a crypto question to red scare and "my army
is going to kick your country's ass if it dares talk to me" in two easy
steps ? This is vile.
"Tell it to the Marines" is a standard American and British prov
Ok, you made me actually look at pgp263iamulti06. :-)
I almost feel like I should apologize.
However, the entropy gathering seems overly optimistic:
*wince*
That's quite a bit worse than I remember. (I haven't looked at 2.6.3
source code in probably 25 years.)
So, yeah. I'm comfortable
PS: I guess by the "emotional reactions" you mean Robert J. Hansen
mails, since replies by other people seem much more technical in
nature.
If by 'emotional' people mean 'amused', then yes. I thought it was
cuter than a pailful of kittens. :)
If by 'em
I was simply trying to help an organization
that is, for *their own good business reasons* very much
motivated to adhere to GDPR, use existing IT infrastructure
to move to a more secure method of communication.
And, for those people and businesses who have to do business with the
EU, the GDPR i
If an individual that requests his personal information is
removed (i.e., the "right to be forgotten") is EU resident,
GDPR applies regardless of the jurisdiction in which the
information server is located.
"Right to be forgotten" doesn't exist in the United States. It's a
violation of our Fir
Would you be able to suggest the version to use in "portable" mode?
GnuPG 1.4, but I'd honestly prefer to run a bootable Linux distro.
Portable apps are a monstrous security hazard if they're used on
computers beyond your control. USB malware is a very real thing.
__
I remember using a Windows-95-native PGP years ago that also used
keyboard and mouse events to acquire entropy; presumably, there was not
that much determinism, or every PGP key generated on Windows is likely
to be weak.
Win95 still allowed direct access to underlying hardware. In the
XP-and
Is this also used when generating symmetric keys? Or only used by secret
key generation? If the last is the case, then existing keys generated on
DOS (or Linux?) might be safe (apart from a possibly short key length).
Existing certificates would be unaffected, but since the CSPRNG is used
for a
When generating the key-pair with Re: pgp263iamulti06, the
"randomness" is obtained by user's keyboard input. Is it
then that the above applies only when the session key is
generated?
No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard
interrupts harvested directly from the
Are there known, documented security deficiencies in it?
The CSPRNG is almost certainly broken.
PGP 2.6.3 was a DOS program, which meant it could easily get direct
access to hardware. That meant it could use the uncertainty of the
physical world as a key factor in the CSPRNG.
But ever sinc
What's the difference between `|--personal-cipher-preferences' and
`default-preference-list'?|
The former is your preferences for the traffic you generate. The latter
is your advertised list of preferences that are affixed to new
certificates you generate.
E.g.: if you have p-c-p of CAMELLI
Migrate? That data is in my mail archive. While it would be possible for
me to write a program to scan the mail file for pgp blockes, check which
pgp version is used, decrypt the data, re-encrypt it with a modern gpg
version and replace that textblock, it would still lose information
about dates a
Lucky for me I never use that version, as I never respected the
copyright of the RSA and IDEA algorithms (questionable in Europe anyway).
Patents, not copyrights.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listi
1.4 should be able to decrypt all 2.6 generated data.
Not from the Disastry builds, which extended 2.6 to support newer
algorithms.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Well, a bit more respect for backwards compatibility would help a lot
by that. Now I'm forced to keep an 1.4 and pgp 2.6 version installed
just to be able to read all my old data. Some people just refuse to
update to versions that routinely break backwards compatibility.
You've had literally 27
On this mailing list we sometimes see requests for help from people
running dangerously antique versions of GnuPG. Wasn't all that long ago
I was asked for help with something in the 1.2 series (!!). Without
exception, our first response is usually "for the love of God, upgrade!"
They rarely
Likewise, Edwards DSA can be tortured into becoming a Curve25519 key.
But once you do that, *you're no longer using Edwards DSA*.
Can you be more specific why this is a problem?
I apologize in advance for sounding grumpy (I am, it's been an annoying
day so far) and condescending (which I'm tr
5) Importing the key on Linux does not generate any warning or error. And I
can also properly use the keypair generated on Windows to encrypt, decrypt,
sign and verify files between Linux clients without problem. It's just
encrypting on Windows and decrypting on Linux with a keypair generated on a
There is anequivalence given (two functions) in the Ed25519 wikipedia page,
but I don't know if this allows the same curve used in both algorithms.
Yes, in the same way that if you torture a DSA key long enough you can
get the Elgamal encryption algorithm out of it. But once you do that,
*you
I know that "ed25519" and "cv25519" are different algorithms,
but from my limited understanding the same key-pair should be
usable for both encrypting and signing in theory?
Ed25519 is (effectively) a Schnorr signature done over an Edwards curve.
Schnorr signatures have really no capability of
I did spend about six months doing a clean-room implementation of
RFC2440 in PHP3. It was a vile experience and one I don't recommend.
I am simultaneously shocked, impressed, and disgusted. ;-)
I rarely talk about that job because it's sort of like saying you made a
healthy and tasty meal ou
Werner, this is amazing news. Thank you for sharing it!
For the list: as you may remember, each Christmas I run a fundraiser for
GnuPG. You pledge $X and I match it, that sort of thing. I didn't do
one this year because Werner contacted me earlier asking me not to,
saying he would soon have
> I would've thought that a clearsign signature preserves the data
above the pgp signature, in plaintext. Isn't the plaintext above the
signature the original data?
In that case, it is. I spoke inartfully: I meant to say that detached
signatures can be done in either a binary format or in
Shouldn't I be able to verify the signature independently?
Why?
A signature is a piece of data that attests another piece of data is
unchanged. If it doesn't have a second piece of data to compare to, all
it can say is "I have a good digital signature that attests to a hash
value of XYZ for
seems as though my entry into this realm was clearly... bad. I wanted
to learn the system without using separate encryption software like
kleopatra. I wanted to know how to do it with just gpg and any email
provider. It's difficult, and I have a lot to learn.
Don't do that. Seriously. This
What other keys would it hold?
Behold:
pub ed25519/1E7A94D4E87F91D5 2021-02-22 [SC]
7D8EC4B85B6FEDD6C10D3C791E7A94D4E87F91D5
uid [ultimate] Robert J. Hansen
uid [ultimate] Robert J. Hansen
sub cv25519/7D6CCDB66CA1202F 2021-02-22 [E]
My public
The document snapshot analogy really helps.
I'm glad it's helped!
No, and I'm going to strongly encourage you to stop asking
implementation questions.
I think I'll take that advice.
When you think you're ready, we'll be here to answer your implementation
questions. It would break my hear
That key block did not match the one on his profile. That’s what
confused me. But I’m learning (from you guys) that the key blocks
don’t necessarily have to match. So I can assume that:
More accurately, they're very unlikely to match. The version on his
site may lack some signatures or user I
when i compared the imported pgp public key block (which I obtained
using the import command and the provided fingerprint) to the
displated pgp public key block, they didn't match
shouldn't they match?
No.
The key block is not a human-readable format. It's a binary format
that's meant to be
I make different observations (using self-compiled gpg installed to /opt/
gnupg/master with a non-standard GNUPGHOME):
It turns out the source of the trouble was systemd, which was starting
gpg-agent on demand, and was forcing it to use /usr/bin/gpg-agent.
Setting a user override file fixed th
Turns out the problem was keyboxd was waiting for a lock. Unfortunately
I wasn't able to find the lock: so, after making a backup, I decided to
resort to harsh measures: I nuked my .gnupg directory. Now GnuPG is
getting a little further along, but it's still not working properly.
Let's start
"gpgconf --kill all" solved my problem, but I'd still advise y'all to
look into where it got wedged and why -- this was an incredibly annoying
problem to solve, and the total lack of debugging output elevated it to
tremendously frustrating.
I'm such an idiot, I forgot I was sshed into another
Try attaching gdb to see where it hangs.
(gdb) run
Starting program: /usr/local/bin/gpg --list-keys
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Detaching after fork from child process 41865]
^C
"gpgconf --kill all" s
Which version exactly are you using?
2.3.3.
Try attaching gdb to see where it hangs.
(gdb) run
Starting program: /usr/local/bin/gpg --list-keys
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Detaching after fork from
rjh@ripley:~$ gpg - --list-keys
gpg: using character set 'utf-8'
gpg: Note: RFC4880bis features are enabled.
gpg: key 1DCBDC01B44427C7: accepted as trusted key
gpg: key 1E7A94D4E87F91D5: accepted as trusted key
gpg: key A3C418D1C6F3453A: accepted as trusted key
... No output is ever produced
Mapping a "Real Name" to an email address is a conceptually different
thing from mapping an email address to a public key.
Except that should we be mapping keys to email addresses in the first
place?
When we sign a certificate we make an assertion that this cryptographic
material is controll
Why not do a detached signature using e.g. gpg -sb --output file.sig
file? Then, someone can run gpg --verify file.sig file to ensure that
the signature is valid.
(a) because the OP specifically said he was looking for integrated
signatures, and
(b) detached signatures have a way of getting l
We’ve been using v1.4 of gnupg because I read in the documentation
and user comments and in my testing, that v2.X couldn’t be used in
software automation workflows.
This might have been true several years ago, but it isn't true today.
there was a feature (that seemed intentional) that the pass
all is well and good. At least, on Windows. But what about linux?
As a general rule, Windows signs executables more than it signs
packages; Linux signs packages more than it signs executables. The best
practice seems to be to use GnuPG to attach a digital signature to an
RPM or DEB (or Snap
gpg -k and gpg -K both show my main key. I compiled a copy of gpg1 (not
installed to the system) to try to use locally, since it doesn't enforce
the use of a passphrase for the secret key. Unfortunately, without
secring.gpg, it doesn't see the secret key at all.
I haven't tried this, but it
Is 'Стефан Васильев ' the same person that
was ban from this very list a fiew month back?
No, because no one was ever banned. One user, also named Stefan, was
set to moderation (his messages had to be approved by an admin before
appearing on list), but this was only for two weeks, and he was ne
I am trying to write in plain text mode so hopefully you won't be
seeing it in HTML.
Success! Thank you.
Can you please suggest to me the steps that I should follow to
redesign my solution, considering the password security?
I already have, twice.
For the third time: remove the passphrase
61 4204=
10228On Thu, 10 Jun 2021, 02:58 Robert J. Hansen, <mailto:r...@sixdemonbag.org";>r...@sixdemonbag.org> wrote:>.8ex;border-left:1=
px #ccc solid;padding-left:1ex">I'm not going to respond to this until =
you re-send it as plain text
without HTML.=C2=A0
But, this command had a risk of exposing *$PASSPHRASE* to the UNIX
console if any user executes *ps -ef* command while the code is running.
This was a huge security breach so I chose the *--passphrase-file*
option to read the decryption password from a file.
Now, all I need is to place the fil
I'm not going to respond to this until you re-send it as plain text
without HTML. The very first thing I wrote in my last email was that
this mailing list strongly prefers plain text without HTML.
We're willing to help you, but you need to follow the rules.
___
Please do not send HTML to this mailing list. Many of our members
refuse to open HTML emails from unknown parties, so when you send HTML
email to this list you're limiting the number of people who can see your
question -- and maybe be able to help you!
Step 2. Instead, I have thought of stori
,and use it as an OTP, and throw it into a garbage
>incinerator afterwards.
>If you are up against adversaries where this is necessary,this methods
>may ultimately not help ...
>=
>
>On 5/4/2021 at 1:19 PM, "Ingo Klöcker" wrote:On Dienstag, 4. Mai
>2021 18:47:50 C
Modern harddisks don't allow that anymore. Should I assume that
"low-level format" in this case means something like
dd if=/dev/zero of=/dev/sdX
[puts on forensics professional hat]
Good question! The tl;dr of it is that the technique to wipe a hard
drive will vary according to the kind of t
Neal Stephenson's novel Cryptonomicon is excellent. I strongly
recommend it to anyone who enjoys reading & is interested in crypto.
Part of the plot involves a cipher that operates a bit like RC-4,
permuting an array, but the array is a deck of cards.
https://www.schneier.com/academic/solitaire/
I have dealt with a similar problem in real life, as a real problem with real
people.
We created a custom Linux environment, burned it to Blu-Ray, and Alice crossed
the border with her Linux environment tucked into her CD player.
On the other side she acquired a laptop, Blu-Ray drive, and USB d
1 - 100 of 2812 matches
Mail list logo
