GnuPG FUSE FS would be very hard.
-- Roscoe
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Thu, May 20, 2010 at 9:17 AM, Frank wrote:
...
> The stick is yes, a openpgp smartcard with a USB
> interface not more than that.
Well, the programmable 32bit ARM MCU in there isn't to be forgotten :)
-- Roscoe
___
Gnupg-users mailing
disappearing anymore
than you have to worry about gpg disappearing. Also being pretty
simple to begin with and five years old now, there's not much
maintaining to be done.
If you lack the skill to port it and need it done pay someone to do it :)
(I'd talk to
not implement Shamir's scheme.
And what makes you think that?
-- Roscoe
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
.
I think signing of software to be a pretty important thing, and
represents a relatively large userbase that's not to be overlooked.
Though, admittedly, some proportion of them are indifferent towards
it.
-- Roscoe
___
Gnupg-users mailing list
Gnupg-
oducts.
In Australia you can also end up in jail for not handing over encryption keys.
-- Roscoe
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Thu, Jul 9, 2009 at 3:36 AM, David Shaw wrote:
...
> If you're looking for a more immediate reason, though, note that if you make
> a RSA key larger than 2048 bits you can't use it with the spiffy new OpenPGP
> smartcard.
Oh, something I've been for. Any
or an attack to work, you're
pretty confidently fine.
HTTPS doesn't buy us much in my opinion, webservers are being cracked
all the time.
-- Roscoe
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Dunno how likely it is, but maybe someone made an attempt at hiding
the size of the file in transit via appending arbitrary data.
2009/1/10 Scott Lambdin :
> Hello -
>
> Someone sends us a big ~700MB pgp encrypted file and when we decrypt it the
> resulting file is about half that size. Anyone ha
On Tue, Jul 22, 2008 at 12:08 PM, Ian Zimmerman <[EMAIL PROTECTED]> wrote:
> I have a local file that I want to encrypt and upload to a remote
> machine in encrypted form. Encrypting is farily quick, but uploading is
> slow, so I use rsync for the other (unencrypted) files. But the fact
> that th
Would a smartcard address this private key compromising problem?
On Mon, Jun 9, 2008 at 2:52 AM, Andrew Berg <[EMAIL PROTECTED]> wrote:
> Robert J. Hansen wrote:
>>
>> If you don't have physical security over your hardware, you don't have
>> anything. You cannot use GnuPG safely on a malicious ma
I would have thought the 'secret' in shamirs secret sharing scheme
could be an arbitrary piece of data?
On Mon, May 12, 2008 at 1:28 PM, <[EMAIL PROTECTED]> wrote:
> Roscoe eocsor at gmail.com
> wrote Mon May 12 09:02:32 CEST 2008 :
>
> >> For my curiosity
http://point-at-infinity.org// works good for passwords to keys :)
On Mon, May 12, 2008 at 12:00 AM, <[EMAIL PROTECTED]> wrote:
>
> For my curiousity, has anyone used threshold (split-key)
> crypto for key protection? One can do a lot of things
> w/ threshold, but probably not so easily w/
Not really answering your question but...
openssl could be an option, as I gather that supports a few crypto
accelerators. I presume it would use them when calling openssl enc.
2008/3/13 pub crawler <[EMAIL PROTECTED]>:
> We are new to GnuPG started using this in the past few weeks.
>
> We ha
ould allow
two modes of registration, one requiring a trusted key and the other
requiring ID of some sort. (Now you've made yourself effectively a
certificate authority, though)
-- Roscoe
On Jan 1, 2008 2:10 AM, Hardeep Singh <[EMAIL PROTECTED]> wrote:
> Hi All
>
> Current
http://www.samsimpson.com/cryptography/pgp/pgpfaq.html
PGP DH vs. RSA FAQ
Copyright (c) 1999 S.Simpson - All Rights Reserved
A bit old, but I still found it interesting when I read it (wasn't
quite so old then :).
-- Roscoe
On Nov 26, 2007 7:26 PM, <[EMAIL PROTECTED]> wrote:
>
<[EMAIL PROTECTED]> wrote:
> On Fri, 2007-11-02 at 14:20 +0930, Roscoe wrote:
> > I don't see any worthwhile gain over setting a strong passphrase, and
> > then secret sharing that passphrase with .
>
> Fewer things can go wrong.
>
> Secret shared passphrase
I don't see any worthwhile gain over setting a strong passphrase, and
then secret sharing that passphrase with .
In Roberts example if you were to use +paperkey you'd merely
export an encrypted secret key, and then print in the line above it an
share.
As far as I can see this would p
ord of their password for when their memory fails them.
(I think splitting a password into a few shares and distributing them
in suitable places is a sane way of writing down passwords. Other
people may disagree.)
http://www.point-at-infinity.org//
BW laser printers are pretty cheap now :)
-
ther users
private keys on that host, unless file permissions are setup as such.
You didn't make any mention of automated decryption, but your
consultants quote makes more sense if you replace encrypt with
decrypt.
-- Roscoe
On 8/24/07, Greg Motter <[EMAIL PROTECTED]> wrote:
>
> Hel
RSA keysize will influence how long it takes you to encrypt or sign a
message. But how long the RSA signing/encryption step takes is going
to be the same no matter what the message length. That's because you
are only ever signing a hash of the message or encrypting the
symmetric session key used to
Thanks for all the replies :)
I just tried OCR-A but with limited success. Will add in par2 and see
how things go with that.
2D barcode seems alot more suited to the problem, will report back on
how well that goes :)
And yes, the ctan ocr package does have +=-/
http://www.ctan.org/tex-archive/m
ming to do this with just Free/Open software.)
-- Roscoe
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Swap is indeed optional.
I've been running Debian with X/e16/screen/vim/irssi/xmms/mozilla for
a a while (a year? or two?) and never noticed any performance
difference. I doubt anyone else would either.
(DDR2-800 2048MB, 2GHz dual core Athlon, before that DDR-400 1024MB,
2GHz single core Athlon).
Rather than revoke the key why not create a new uid (and revoke the old uid)?
On 4/14/07, Chris <[EMAIL PROTECTED]> wrote:
> This may sound simple, but I want to make sure I get it done right. My ISP/DSL
> provider, Embarq, has dumped Earthlink as their mail provider sine 9 April
> and setup their
I'm a bit confused about this too.
http://fsfe.org/en/card/howto/subkey_howto says:
This howto describes setting up your computer to use the Fellowship
card with subkeys only. We recommend this, as it is the most secure
usage."
For what reasons is it more secure than putting (or generating) your
I noticed this plugin for squirrelmail if you wanted to do it on your
own server:
http://www.squirrelmail.org/plugin_view.php?id=153
Aside from that there are a few services around, like hushmail.com
that'll do what you want.
On 3/23/06, D_C <[EMAIL PROTECTED]> wrote:
> hello group -
>
> apolo
Sure will.
gpg -c is what you want.
Make sure you are using a MDC, which means either using one of the
128bit blocksize ciphers (your gpg will probably use AES256 by
default, which is good - gpg -vc to find out) or passing the
--force-mdc option.
If you want protection in the way of recovering
Seeing as a detached sig is just a signed hash, you could hash the
file remotely then copy the hash over and construct a detached sig
from that. I imagine no current app supports that kind of thing(??) so
that might involve X amount of pissing about coding your own solution.
Many folk just run sha
(I know. We already have lots of threads about the net on password length).
Heres my two cents, from someone who has zero security/cryptographic
background (:
Bruteforcing 256bit keys is on a level of hardness that pretty much
renders it impossible.
So I wouldn't really bother trying to make a p
LZMA seems to be notably[1] faster/better than BZIP2, which has made
it into the standard so I wouldn't immediately rule out its
suitability for OpenPGP.
That said I don't much think it should be included. It could *replace*
BZIP2 but replacing BZIP2 with LZMA would break backwards
compatibility a
Well, I don't think the difficulty of breaking a asymmetrical key
doubles per bit like it does for symmetical keys.
>From wikipedia:
"As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent
in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit
symmetric keys and 3072-bit
I imagine it's because stable is frozen. Hence only fixes will get in
- and not new vewsions.
(I maybe wrong on that.)
(Naturally that only applies to stable..)
Building and installing your own gnupg.deb from gnupg.org sources has
significant merits though.
(For those unfamilar its a three command
First:
Sure, with enough anything can be brute forced.
But what happens when that "enough" isn't possible?
Brute forcing (alone) 256-bit keys is a joke. It's just not a issue.
Second:
Being investigated by animal rights folk does *not* make you a terrorist.
Now back to being on topic but still
Curious, anyone know how many passwords/second that gets?
On 8/10/05, Folkert van Heusden <[EMAIL PROTECTED]> wrote:
> If it is not too long (too many characters), try 'nasty':
> http://www.vanheusden.com/nasty/
>
> On Tue, Aug 09, 2005 at 10:10:20PM +0530, Thutika, Srinivas (ODC - Satyam)
> wro
number processed: 1
gpg: imported: 1
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 4 signed: 4 trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: depth: 1 valid: 4 signed: 0 trust: 1-, 0q, 0n, 3m, 0f, 0u
gpg: next trustdb check due at 2005-10-06
g
On 8/4/05, Ryan Malayter <[EMAIL PROTECTED]> wrote:
> My test show 7-zip yields ~228 Mbps on a 2.4 GHz P4. The only cipher
> available with this program is AES256 in (I believe) ECB mode.
You seem pretty knowledgeable, but I'll say it anyway:
ECB in general shouldn't be used. Especially in the c
I suggest looking at openssl. I'd hazard a guess that most nix OS's
end up with it installed.
The speed command does benchmarking :)
Barton 2Ghz:
$ openssl speed aes-256-cbc bf-cbc
Doing aes-256 cbc for 3s on 16 size blocks: 6396149 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 64 size bloc
loop-aes is not in the vanilla kernel sources.
dm-crypt and cryptoloop are.
cryptoloop is depreciated, use dm-crypt instead.
dm-crypt'd main advantage is that it's already in the kernel, whereas
loop-aes is a add-on. Look at the different modes of encryption
supported and make a decision from ther
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-13.txt
That would be all you need I think.
On 6/8/05, Oskar L. <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I export a public key in binary format and open it in a hex editor. Is
> there any documentation explaining what I see? Like if t
Bit early in the morning to try to comprehend your main question, but
I can answer the question about the string to key part :).
There are 3 ways to generate a key from a password outlined in the rfc:
1. Merely hashing password.
2. Salting then hashing.
3. Salting then hashing, then hashing aga
Well,
A 128bit key has 340282366920938463463374607431768211456 possible combinations
Lets say there are about 10 words in your dictionary. Lets also
say there are about 100 different characters on your keyboard.
Now for password of random characters we would need:
log(34028236692093846346337
Well, this is generally what I do to achieve that effect:
... | gpg -r $YOU -o backup.`date +%y%m%d`.cpio.gpg -e
On 5/22/05, Per Tunedal Casual <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi again,
> I just thought of a new feature:
> Add date and time to f
loop-aes comes with the following patch for gnupg:
"
--- gnupg-1.4.1/g10/passphrase.c.oldTue Feb 15 13:02:31 2005
+++ gnupg-1.4.1/g10/passphrase.cWed Mar 16 17:35:20 2005
@@ -1331,7 +1331,7 @@
if( create && !pass ) {
randomize_buffer(s2k->salt, 8, 1);
gmail supports pop so thats one way with the help of a pop3 speaking
email client.
I personally just write my email in my text editor then pipe it
through gpg --clearsign [or -ae] then paste it into the webmail
interface. Sure its not the worlds fastest operation but hey, its <5%
of the time it to
45 matches
Mail list logo
