On 16.03.2015 at 08:48, Werner Koch wrote:
> On Sun, 15 Mar 2015 23:38, st...@mailbox.org said:
>
>> Thanks, Werner. I read that, but I was particularly interested in how to get
>> GnuPG to work with haveged.
>
> You should feed it into /dev/random or get into the kernel proper. This
> way all app
On Sun, 15 Mar 2015 23:38, st...@mailbox.org said:
> Thanks, Werner. I read that, but I was particularly interested in how to get
> GnuPG to work with haveged.
You should feed it into /dev/random or get into the kernel proper. This
way all applications can benefit from it.
> So, I guess it would n
On 15.03.2015 at 20:50, Werner Koch wrote:
> On Sun, 15 Mar 2015 16:32, st...@mailbox.org said:
>
>> Now, I'll look for information on how RNG in GnuPG exactly works. It *seems*
>> that haveged should impact on the gathering of entropy (available) at the
>> moment of keypair generation on any
On Sun, 15 Mar 2015 16:32, st...@mailbox.org said:
> Now, I'll look for information on how RNG in GnuPG exactly works. It *seems*
> that haveged should impact on the gathering of entropy (available) at the
> moment of keypair generation on any GNU/Linux PC/laptop equipped with it (specific
You
On 15.03.2015 at 16:32, Stephan Beck wrote:
> On 15.03.2015 at 13:59, Robert J. Hansen wrote:
>>> Wouldn't the installation of haveged, at least for GNU/linux distros,
>>> extend the possibilities of traditional /dev/(u)random based RNG?
>>
>> No idea -- I haven't looked at haveged. Sorry. :(
On 15.03.2015 at 13:59, Robert J. Hansen wrote:
>> Wouldn't the installation of haveged, at least for GNU/linux distros,
>> extend the possibilities of traditional /dev/(u)random based RNG?
>
> No idea -- I haven't looked at haveged. Sorry. :(
Well, I forgot to include relevant information (s
> Wouldn't the installation of haveged, at least for GNU/linux distros,
> extend the possibilities of traditional /dev/(u)random based RNG?
No idea -- I haven't looked at haveged. Sorry. :(
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lis
On 13/03/15 22:33, Robert J. Hansen wrote:
> And if you don't trust /dev/urandom, I'd suggest using a different
> operating system, because that's a game-over compromise.
I trust both /dev/random and the sanity of the default settings of
GnuPG. And when I'm generating a key in GnuPG, I put my tru
On 3/13/15 2:17 PM, Peter Lebbing wrote:
On 2015-03-13 19:54, Doug Barton wrote:
But it is a
major source of frustration when folks take comments out of context to
use the tiniest bit of leverage with which to forward an agenda.
WHAT?!?!
It is true, text is a truly god awful medium to communi
On 13.03.2015 at 22:33, Robert J. Hansen wrote:
> GnuPG doesn't have one RNG. It has *many* RNGs. Some of them are
> really just thin wrappers over lower-level OS facilities. And if you
> don't trust /dev/urandom, I'd suggest using a different operating
> system, because that's a game-over com
> Make that: I trust the RNG of GnuPG. There's more to it than what is
> provided by the Linux kernel.
Be careful. When was the last time you checked the GnuPG code? And
when was the last time you checked the options your distro maintainer
used to build your GnuPG? :)
GnuPG doesn't have one R
On 2015-03-13 15:40, Peter Lebbing wrote:
I consider this the inferior of the two methods because I
trust the RNG of Linux much more than I trust the RNG of a smartcard
that costs a few euros to produce.
Make that: I trust the RNG of GnuPG. There's more to it than what is
provided by the Linux
On 2015-03-13 19:54, Doug Barton wrote:
But it is a
major source of frustration when folks take comments out of context
to use the tiniest bit of leverage with which to forward an agenda.
WHAT?!?!
It is true, text is a truly god awful medium to communicate in.
We are apparently completely u
On 3/13/15 7:22 AM, Peter Lebbing wrote:
I interpreted Doug's message as saying that a disadvantage of smartcards,
as opposed to on-disk keys, is that you lose the key when the smartcard
stops functioning. I was replying to this statement by Doug:
Further, the inconvenience of having to deal wit
On 3/13/15 11:23 AM, Robert J. Hansen wrote:
Seriously? Wasn't it obvious from the context of what Robert and
I wrote that we were talking about keys that existed only on a
card?
Let's calm things down, folks. :)
FWIW, I'm perfectly calm, as in the sense of not angry. But it is a
major sourc
> Seriously? Wasn't it obvious from the context of what Robert and I
> wrote that we were talking about keys that existed only on a card?
Let's calm things down, folks. :)
We're communicating in a text medium. Sometimes, things we think are
obvious aren't obvious to others. Let's take a deep b
On 2015-03-13 15:31, Brian Minton wrote:
If a key is generated externally, a backup can be taken before the key
is moved to the card. For a key generated on the card, there is (by
design), no way to extract the secret key, including for the purpose of
backing it up
When you ask GnuPG to cre
If a key is generated externally, a backup can be taken before the key
is moved to the card. For a key generated on the card, there is (by
design), no way to extract the secret key, including for the purpose of
backing it up
I interpreted Doug's message as saying that a disadvantage of
smartcards, as opposed to on-disk keys, is that you lose the key when
the smartcard stops functioning. I was replying to this statement by
Doug:
Further, the inconvenience of having to deal with generating and
socializing a new key
> Of course not (I hope). You keep a backup of your key in a safe
> place. This goes for smartcard keys as well. The situation is the
> same whether you use a smartcard or not.
This is not true. There are a lot of use cases where "there are no
backups of this smart-card key" are baked into the se
On 12/03/15 20:17, Doug Barton wrote:
> Further, the inconvenience of having to deal with generating and
> socializing a new key if your smart card gets lost, becomes inoperable,
> etc. is way too high a cost for near-zero benefit.
And what if your hard drive holding your on-disk key crashes? Do y
On 12.03.15 20:52, Robert J. Hansen wrote:
>> My point was that you wrote multiple paragraphs worth of stories on
>> two emails from which I really got the impression that people should
>> just not bother.
> In response to someone who was thinking that storing keys on your hard
> drive was cat
> I would go so far as to say for the vast majority of users they are
> totally unnecessary. It's cool to play with smart cards, and I'm all
> in favor of that sort of thing ... but for the overwhelming number of
> PGP users the threat model just isn't there.
I dunno. I think there are some good
On 3/12/15 8:51 AM, Robert J. Hansen wrote:
For many users, smart cards are a good idea. (I've got one myself.)
But for just as many users, smart cards are inconvenient and overkill.
I would go so far as to say for the vast majority of users they are
totally unnecessary. It's cool to play wit
> Yes, thanks a lot. From your answer I deduce that a single-user,
> non-professional environment may not require use of a smart card, or
> may not require it with the necessity it may have in high-security
> environments.
Yep! And just as importantly: it may require it. It depends on your
th
> My point was that you wrote multiple paragraphs worth of stories on
> two emails from which I really got the impression that people should
> just not bother.
In response to someone who was thinking that storing keys on your hard
drive was categorically unsafe, and that smart cards were categori
On 12.03.15 19:21, Robert J. Hansen wrote:
> If you think I'm portraying them as "completely unusable," then I think
> you didn't bother to read my message very closely.
I read both of your messages quite closely. Had you merely pointed out
the downsides of having to carry a card, a reader etc. I
> That's quite a personal issue to count as a failing of smart cards.
Sure! And I even said that. "For many users, smart cards are a good
idea. (I've got one myself.) But for just as many users, smart cards
are inconvenient and overkill." Your use case isn't my use case.
That said, I've hear
On 12.03.2015 at 16:51, Robert J. Hansen wrote:
>> As to your enigmail essay, point 1, would you go that far that
>> keeping keys on hard disk is unsafe and using a smart card is a
>> must?
>
> If email crypto makes it hard to read email, few people will adopt the
> technology. We want technolo
> But for just as many users, smart cards are inconvenient and overkill.
> Frankly, they have awful usability, just terrible.
…
> finding the smart card is
> easy -- it's in my wallet -- but finding the smart card *reader* is the
> sort of thing that leads me to crazed conspiracy theories.
That's
> There are USB-Sticks with an embedded smart card controller that
> take away the burden to find a working card reader (which _is_ a real
> pain). The one we use has a standard CCID interface that works
> without driver installation on the majority of operating systems.
Yeah -- back in 2000 I use
On 03/12/2015 04:51 PM, Robert J. Hansen wrote:
> For many users, smart cards are a good idea. (I've got one myself.)
> But for just as many users, smart cards are inconvenient and overkill.
> Frankly, they have awful usability, just terrible. When I receive an
> email message encrypted to my sma
> As to your enigmail essay, point 1, would you go that far that
> keeping keys on hard disk is unsafe and using a smart card is a
> must?
For many users, smart cards are a good idea. (I've got one myself.)
But for just as many users, smart cards are inconvenient and overkill.
Frankly, they have
Hi Robert,
On 11.03.2015 at 18:10, Robert J. Hansen wrote:
> "Things you're doing wrong with Enigmail" is a short (500-word) essay on
> four mistakes I repeatedly see Enigmail users making. However, it's not
> limited to Enigmail: most of the content is broadly applicable to any
> cryptosystem.
rise my Enigmail speed-geeking presentation, so I wrote
it up and put it online.
"Things you're doing wrong with Enigmail" is a short (500-word) essay on
four mistakes I repeatedly see Enigmail users making. However, it's not
limited to Enigmail: most of the content is b