On 2/20/07, Janusz A. Urbanowicz <[EMAIL PROTECTED]> wrote:
> * without having recipient pubkey it is impossible to determine the recipient
> of the message (assuming the subkey ID is not widely known)
...
If the system was designed for the real world, the encrypted message
would, by default, consi
Janusz A. Urbanowicz alex at bofh.net.pl wrote on
Tue Feb 20 15:24:40 CET 2007 :
>* it is possible to hide recipient's completely ID by using --
throw-keyid
well, not 'completely'
running gpg-list-packets or pgpdump on the encrypted message,
lists the key-type (dh or rsa), key size, and symmetr
vedaal at hush.com vedaal at hush.com
Tue Feb 20 18:16:52 CET 2007 wrote:
> running gpg-list-packets or pgpdump on the encrypted message,
lists the key-type (dh or rsa), key size, and symmetric algorithm
used
sorry,
my mistake ;-((
pgpdump doesn't list which symmetric algo,
only lists that an
NikNot schrieb:
> Unfortunately, the whole GPG, with WebOfTrust construct, makes the
> assumption that there is no need whatsoever to protect the identity of
> the secret key holder
You have, however, the possibility of using pseudonyms as UID. Only the
signers of your key would have to know about
On 2/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> pgpdump doesn't list which symmetric algo,
> only lists that an mdc was or wasn't used
The attacker performing large-scale traffic uses his own software that
is - so it must be presumed - capable of distilling all (to him)
usefull informat
On Mon, Feb 19, 2007 at 10:54:17AM -0800, NikNot wrote:
> On 2/19/07, Adam Funk <[EMAIL PROTECTED]> wrote:
> >Is there any reason to physically secure your *public* keyring in
> >... (Well, I suppose you might want to hide your secret identity!)
>
> Unfortunately, the whole GPG, with WebOfTrust c
On 2/19/07, Joseph Oreste Bruni <[EMAIL PROTECTED]> wrote:
> It's funny you mention this: I got into an argument with a
> "consultant" about how X.509 certificates are a privacy violation
> because your identity is encoded into the "subject" field. I kept
> asking him, "How would you know whose ce
Adam Funk wrote:
> On 2007-02-19, John Clizbe wrote:
>
>> The passphrase is only one protection on your keypair and it's
>> pretty much the protection of last resort - given an easily
>> guessable/brute-forced passphrase, it's "Game-Over." if an attacker
>> gets access to the keyring files. Anothe
On Feb 19, 2007, at 11:54 AM, NikNot wrote:
On 2/19/07, Adam Funk <[EMAIL PROTECTED]> wrote:
Is there any reason to physically secure your *public* keyring in
... (Well, I suppose you might want to hide your secret identity!)
Unfortunately, the whole GPG, with WebOfTrust construct, makes
On 2/19/07, Adam Funk <[EMAIL PROTECTED]> wrote:
> Is there any reason to physically secure your *public* keyring in
> ... (Well, I suppose you might want to hide your secret identity!)
Unfortunately, the whole GPG, with WebOfTrust construct, makes the
assumption that there is no need whatsoever
On 2007-02-19, John Clizbe wrote:
> The passphrase is only one protection on your keypair and it's
> pretty much the protection of last resort - given an easily
> guessable/brute-forced passphrase, it's "Game-Over." if an attacker
> gets access to the keyring files. Another protection is to
> phys
On Mon, Feb 19, 2007 at 09:21:56AM -0500, [EMAIL PROTECTED] wrote:
> I have been using gpg to encrypt/decrypt files on my computer "for my
> eyes only". I have been using my public/private keypair on my keyring
> to do so. I just discovered that I can use encrypt/decrypt local
> files using a sy
[EMAIL PROTECTED] wrote:
> I have been using gpg to encrypt/decrypt files on my computer "for my
> eyes only". I have been using my public/private keypair on my keyring
> to do so. I just discovered that I can use encrypt/decrypt local
> files using a symmetric cipher--i.e., you enter one secret
I have been using gpg to encrypt/decrypt files on my computer "for my
eyes only". I have been using my public/private keypair on my keyring
to do so. I just discovered that I can use encrypt/decrypt local
files using a symmetric cipher--i.e., you enter one secret passphrase
to encrypt and then e
14 matches
Mail list logo
