Daniel Kahn Gillmor wrote:
> Actually, it is fairly common in certain circumstances: Certifying
> that another user's key is correctly bound to their User ID (a.k.a.
> "signing someone's key") is effectively making a signature over a
> document that you did not originate.
Yes. And then if you tak
On 05/24/2009 02:15 AM, Robert J. Hansen wrote:
> It depends on what sort of threat you're facing. In this case, the MD5
> attack is predicated on the victim signing documents they did not
> originate. This is often considered bad policy, since it tends to
> facilitate attacks like this. This us
Wow Felipe ... WowT
On Sun, May 24, 2009 at 8:38 AM, webmas...@felipe1982.com
<+gpg2+maniams+aec56db6fa.webmaster#felipe1982@spamgourmet.com> wrote:
>
> > As of this writing, no algorithm supported by GnuPG has been
> > compromised. Even MD5 is still on its feet.
> i don't think this is cor
webmas...@felipe1982.com wrote:
> i don't think this is correct. See:
> http://th.informatik.uni-mannheim.de/People/lucks/HashCollisions/
It depends on what sort of threat you're facing. In this case, the MD5
attack is predicated on the victim signing documents they did not
originate. This is of
> As of this writing, no algorithm supported by GnuPG has been
> compromised. Even MD5 is still on its feet.
i don't think this is correct. See:
http://th.informatik.uni-mannheim.de/People/lucks/HashCollisions/
felipe
___
Gnupg-users mailing list
Gn
Dear Robert
On Sun, May 24, 2009 at 6:42 AM, Subu wrote:
>
>
> On Sun, May 24, 2009 at 6:15 AM, Robert J. Hansen - r...@sixdemonbag.org
> <+gpg2+maniams+ba4eefb302.rjh#sixdemonbag@spamgourmet.com> wrote:
>
>> gpg2.20.mani...@dfgh.net wrote:
>> > What are the algos that are compromised ? or N
gpg2.20.mani...@dfgh.net wrote:
> What are the algos that are compromised ? or NOT to be used ? If this is
> too long a list
Sorry to be so late to the party --
As of this writing, no algorithm supported by GnuPG has been
compromised. Even MD5 is still on its feet.
That said, the SHA-1 and MD5
Dear Members
What are the algos that are compromised ? or NOT to be used ? If this is too
long a list
What are the Algos that are _to_be_
/or/
_could_be_ used
/or/
_not_yet_compromised_
I understand that choosing the key size and algo is something personal and
others cant decide. but I'm tr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Allen Schultz escribió:
> For the reason of SHA1 issues in the news, I've recently set up
> a new OpenPGP key, and
> will be transitioning away from my old one.
...
> To fetch my new key from a public key server, you can simply do:
>
> gpg --keyser
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Allen Schultz wrote:
> Thank you for the information. I will clearsign this using the
> new key only.
> Let me know if this signature does not work either.
OpenPGP Security Info
UNTRUSTED Good signature from Allen Schultz (aldaek)
Key ID: 0xF556
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, May 21, 2009 at 7:31 AM, Raimar Sandner wrote:
> After all the _old_ key could have been compromised, that is
what I meant :)
Thank you for the information. I will clearsign this using the
new key only.
EE79C636 has already been updated [a
On Thursday 21 May 2009 15:15:18 Raimar Sandner wrote:
> I believe (an I think others do too) it is good praxis to not sign new keys
> even if you have signed the old one and the new key is signed by the old
> one, without personally checking with the keyholder first. After all, the
> new key could
Hello
On Thursday 21 May 2009 11:35:44 Allen Schultz wrote:
> For the reason of SHA1 issues in the news, I've recently set up
> a new OpenPGP key, and
> will be transitioning away from my old one.
> This message is signed by
> both keys to certify the
> transition.
I have not recieved signatures
Allen Schultz wrote the following on 5/21/09 5:35 AM:
[...]
>
> Please let me know if there is any trouble, and sorry for the
> inconvenience.
[...]
No inconvenience.
Results of signature verification and key usage:
-BEGIN GPG OUTPUT-
gpg: Signature made Thu May 21 05:34:13 2009 EDT u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256,SHA1
For the reason of SHA1 issues in the news, I've recently set up
a new OpenPGP key, and
will be transitioning away from my old one.
The old key will continue to be valid for some time, but i
prefer all future
correspondence to come to the new o
15 matches
Mail list logo
