On Thu, 16 Mar 2017 15:55, pe...@digitalbrains.com said:
> Perhaps we should either retire ciphers with a 64-bit block length or
> make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no
> longer up to the user to be prudent with large amounts of data.
Those who have large amount
> Perhaps we should either retire ciphers with a 64-bit block length or make
> OpenPGP mandatorily rekey after a few gigabytes of data, so it's no longer
> up to the user to be prudent with large amounts of data.
In the next draft of the RFC, I'd like to see 64-bit-block ciphers go the way
of the
On 16/03/17 15:21, Robert J. Hansen wrote:
> -- but I'm unaware of any reason why we should not permit using 3DES as a
> symmetric cipher.
Perhaps we should either retire ciphers with a 64-bit block length or
make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no
longer up to the
> take rjh's caveat with a grain of salt -- GnuPG's interest is in
> protecting its users. If the project knows something is bad, we're
> going to try to protect users from it.
In my defense, I never said GnuPG wasn't going to try to protect users from
dangerous things. I said that until the RFC
On Wed 2017-03-15 07:13:18 -0400, Werner Koch wrote:
> On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said:
>
>> So long as you understand GnuPG will not make any changes that break RFC
>> conformance... and dropping SHA1/3DES breaks RFC conformance.
>
> Well, it is possible to use
>
> --weak-digest SHA1 --disable-cipher-algo 3DES
Yeah, but that's ... *bad*. Breaks most of the Web of Trust, makes most
cert sigs meaningless, removes the fallback cipher ... I think this is a
great example of a cure worse than the disease. :)
Phil Pennock made a post a bit ago detailing his ex
On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said:
> So long as you understand GnuPG will not make any changes that break RFC
> conformance... and dropping SHA1/3DES breaks RFC conformance.
Well, it is possible to use
--weak-digest SHA1 --disable-cipher-algo 3DES
with gpg.
Shalom-Salam,
> Apart from that, as GnuPG is in a kind of symbiosis with
> OpenPGP/RFC4880, I think it's important to discuss this on this mailing
> list (as well).
So long as you understand GnuPG will not make any changes that break RFC
conformance... and dropping SHA1/3DES breaks RFC conformance.
> I agree w
Thank you Robert for your response and point of view.
On 03/13/2017 04:17 PM, Robert J. Hansen wrote:
>> According to the gpg2 man page, 3DES is added always as kind of least
>> common denominator:
>
> This is required behavior per RFC4880. Your concern should be addressed to
> the IETF OpenPGP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Monday 13 March 2017 at 11:02:48 PM, in
, Robert J.
Hansen wrote:-
> I don't
> know how you'd
> come up with a real-world case where you'd need a
> common hash algorithm
> set for signing purposes.
GnuPG presumably has a reason for defaulting
>> Again, required per the spec, and this can be
>> prevented by having one person
>> on the list use a DSA-2048/-3072 key, which forbids
>> SHA-1 usage.
>
> Really? Many of the messages to the PGPNET discussion group [0] have
> SHA-1 signatures. Messages are signed and encrypted to about 30 keys,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Monday 13 March 2017 at 3:17:07 PM, in
, Robert J.
Hansen wrote:-
> Again, required per the spec, and this can be
> prevented by having one person
> on the list use a DSA-2048/-3072 key, which forbids
> SHA-1 usage.
Really? Many of the message
On 03/13/2017 01:47 PM, Ryru wrote:
> Is my understanding correct or do I miss an important fact? What are
> your thoughts about this behaviour?
See section 13.2 of RFC4880, fyi the behavior changes in the context of
RFC6637.
My thoughts; concerns about 3DES are premature. The focus on algorithms
> According to the gpg2 man page, 3DES is added always as kind of least
> common denominator:
This is required behavior per RFC4880. Your concern should be addressed to
the IETF OpenPGP working group, not to GnuPG.
> In my opinion this design decision can lead to serious security troubles.
> If
Hello List
I'm new to this list and joined because I have some security doubts
regarding encryption preferences (setpref/showpref).
According to the gpg2 man page, 3DES is added always as kind of least
common denominator:
8<---
When setting preferences, you should list the algorithms in the order