Re: symmetric email encryption

2014-07-21 Thread Bob Holtzman
On Mon, Jul 21, 2014 at 09:12:36AM -0400, Mark H. Wood wrote: > On Sat, Jul 19, 2014 at 05:46:02PM -0700, Bob Holtzman wrote: > > On Sat, Jul 19, 2014 at 01:55:45PM -0400, Robert J. Hansen wrote: > > > > A factor of two is "immense" to you...? > > > > > > Yes. A secret that only I know I can keep

Re: symmetric email encryption

2014-07-21 Thread Mark H. Wood
On Sat, Jul 19, 2014 at 05:46:02PM -0700, Bob Holtzman wrote: > On Sat, Jul 19, 2014 at 01:55:45PM -0400, Robert J. Hansen wrote: > > > A factor of two is "immense" to you...? > > > > Yes. A secret that only I know I can keep; a secret known to two people > > can only be kept for a while. Yes, t

Re: symmetric email encryption

2014-07-19 Thread Bob Holtzman
On Sat, Jul 19, 2014 at 01:55:45PM -0400, Robert J. Hansen wrote: > > A factor of two is "immense" to you...? > > Yes. A secret that only I know I can keep; a secret known to two people > can only be kept for a while. Yes, that's an immense difference. Old Hell's Angels saying, "3 people can ke

Re: symmetric email encryption

2014-07-19 Thread Robert J. Hansen
> I guess the typical case would be that either the sender or the > recipient wants the communication encrypted (probably uses real crypto > himself) and would use symmetric encryption as the fastest and easiest > way to enable the other one to do that (or the only way the other party > accepts

Re: symmetric email encryption

2014-07-19 Thread Hauke Laging
Am Sa 19.07.2014, 22:37:24 schrieb Ingo Klöcker: > > > And what's your threat model, i.e. what do you want to achieve by > > > your symmetric email encryption scheme? > > > > Same answer: This is for users who don't need any threat model > > consider

Re: symmetric email encryption

2014-07-19 Thread Ingo Klöcker
il file for those who want to give this a try: > > http://www.crypto-fuer-alle.de/docs/mail-symmetric/mail.cr-lf.eml Thanks for testing (also to Mirimir and MFPA). > > And what's your threat model, i.e. what do you want to achieve by > > your symmetric email encryp

Re: symmetric email encryption

2014-07-19 Thread Ingo Klöcker
On Saturday 19 July 2014 03:46:56 Hauke Laging wrote: > I guess this discussion does not go well because of a misunderstanding > or wrong expectations. > > > You and Ingo are talking about "real crypto" issues. Actually, concerning your proposal, I'm more talking about usability. To encrypt a m

Re: symmetric email encryption

2014-07-19 Thread Robert J. Hansen
> A factor of two is "immense" to you...? Yes. A secret that only I know I can keep; a secret known to two people can only be kept for a while. Yes, that's an immense difference.

Re: symmetric email encryption

2014-07-19 Thread MFPA
Hi On Friday 18 July 2014 at 11:34:19 PM, in , Ingo Klöcker wrote: > Sure. But the NSA already knows the correspondents of > all of our mail anyway. Keyserver lookups do not add > any additional data (except of the information that you > are try

Re: symmetric email encryption

2014-07-19 Thread MFPA
Hi On Saturday 19 July 2014 at 4:41:10 AM, in , Mirimir wrote: > I just emailed that to myself using Thunderbird + > Enigmail in Ubuntu. I was prompted for a password, and > "foo" decrypted the symmetrically encrypted block. I did a similar thin

Re: symmetric email encryption

2014-07-19 Thread MFPA
Hi On Friday 18 July 2014 at 8:23:08 PM, in , ved...@nym.hush.com wrote: > The only annoyance with this type of approach, is that > it needs a separate passphrase for each correspondent, How? Running "gpg --symmetric test.txt" only gives me the

Re: symmetric email encryption

2014-07-18 Thread Mirimir
On 07/18/2014 08:37 PM, Hauke Laging wrote: > I have prepared a mail file for those who want to give this a try: > > http://www.crypto-fuer-alle.de/docs/mail-symmetric/mail.cr-lf.eml I just emailed that to myself using Thunderbird + Enigmail in Ubuntu. I was prompted for a password, and "foo"

Re: symmetric email encryption

2014-07-18 Thread Hauke Laging
> the same trivial symmetric encryption password for all "encrypted" > messages? The only thing I want to prevent them from doing is using some other technology for symmetric encryption. I am not going to advocate this as "the way to go". It seems to me that you (and Rob)

Re: symmetric email encryption

2014-07-18 Thread Hauke Laging
Am Fr 18.07.2014, 22:51:13 schrieb Robert J. Hansen: > > Are symmetric keys more probable to be compromised than asymmetric > > ones? > Immensely. An asymmetric key is a secret held by one person; a > symmetric key is a secret shared by two or more. A factor of two is "immense" to you...? Furthe

Re: symmetric email encryption

2014-07-18 Thread Robert J. Hansen
> Are symmetric keys more probable to be compromised than asymmetric ones? Immensely. An asymmetric key is a secret held by one person; a symmetric key is a secret shared by two or more. > What I am suggesting is neither an alternative to regular OpenPGP > encryption nor meant as "real crypto"

Re: symmetric email encryption

2014-07-18 Thread Hauke Laging
Am Fr 18.07.2014, 13:49:54 schrieb Robert J. Hansen: > If/when a key is compromised, all traffic that has been generated or > will be generated with that key gets compromised, and there's no > guarantee about whether you'll know the key is compromised -- so it's > only sane to have an agreed-upon

Re: symmetric email encryption

2014-07-18 Thread Ingo Klöcker
ch brings me to another issue I have with your proposal: How do you want to prevent the users from using the same trivial symmetric encryption password for all "encrypted" messages? And what's your threat model, i.e. what do you want to achieve by your symm

Re: symmetric email encryption

2014-07-18 Thread Ingo Klöcker
On Friday 18 July 2014 21:01:54 Peter Lebbing wrote: > On 18/07/14 15:40, Ingo Klöcker wrote: > > OpenPGP keys are created and uploaded to some key server > > automatically, and they are looked up and used automatically > > This creates a privacy issue with key lookup. It exposes > correspondents

Re: symmetric email encryption

2014-07-18 Thread Garreau, Alexandre
On 2014-07-18 at 19:39, Ingo Klöcker wrote: > Sure. But the fingerprint is only used once (for verifying the key). And > it's not even secret information, so exchange via an insecure channel is > not an issue (at least, not a severe issue). > > OTOH, symmetric keys really should be exchanged via

Re: symmetric email encryption

2014-07-18 Thread Robert J. Hansen
> I think what Hauke meant was an exchange of the *passphrase* for the > symmetric encryption, not the session key. Same issue, although now you're sharing the seed to a random number generator for which you want the seed to expire very quickly. You can mitigate this somewhat using gating and som

Re: symmetric email encryption

2014-07-18 Thread vedaal
On 7/18/2014 at 1:52 PM, "Robert J. Hansen" wrote: > >> Symmetric keys and fingerprints have to be exchanged through a >secure = I think what Hauke meant was an exchange of the *passphrase* for the symmetric encryption, not the session key. The symmetric keys would always change with ea

Re: symmetric email encryption

2014-07-18 Thread Peter Lebbing
On 18/07/14 15:40, Ingo Klöcker wrote: > OpenPGP keys are created and uploaded to some key server > automatically, and they are looked up and used automatically This creates a privacy issue with key lookup. It exposes correspondents to the keyserver, including time-of-use. Also, you need to defin

Re: symmetric email encryption

2014-07-18 Thread Robert J. Hansen
> Symmetric keys and fingerprints have to be exchanged through a secure > channel only once. Whoa, let's back that up a moment. Fingerprints and symmetric keys need to be exchanged *as often as they change*. Which, in the case of symmetric keys, is quite frequently. If/when a key is compromised

Re: symmetric email encryption

2014-07-18 Thread Ingo Klöcker
On Friday 18 July 2014 19:21:05 Hauke Laging wrote: > Am Fr 18.07.2014, 09:46:14 schrieb Doug Barton: > > Hauke, > > > > I think you skated past a previous question about your idea, and I'm > > also interested in the answer so I'll ask it again. :) > > > > If you have a secure channel of communic

Re: symmetric email encryption

2014-07-18 Thread Hauke Laging
Am Fr 18.07.2014, 09:46:14 schrieb Doug Barton: > Hauke, > > I think you skated past a previous question about your idea, and I'm > also interested in the answer so I'll ask it again. :) > > If you have a secure channel of communication by which you can > exchange the symmetric password (which yo

Re: symmetric email encryption

2014-07-18 Thread Doug Barton
Hauke, I think you skated past a previous question about your idea, and I'm also interested in the answer so I'll ask it again. :) If you have a secure channel of communication by which you can exchange the symmetric password (which you would need to make your scheme work), why don't you use

Re: symmetric email encryption

2014-07-18 Thread Hauke Laging
Am Fr 18.07.2014, 15:40:34 schrieb Ingo Klöcker: > > And, quite important: It would not require serious > > development effort as this possibility is built-in with GnuPGP. > > I think you underestimate the development effort. That is easily possible. But what would have to be done (at least)?

Re: symmetric email encryption

2014-07-18 Thread Ingo Klöcker
On Friday 18 July 2014 02:03:24 Hauke Laging wrote: > Hello, > > is there any OpenPGP mail client which supports symmetric encryption? KMail does not. At least, KMail does not support creating such messages. It's possible that KMail would be able to read such messages since the decryption is de

Re: symmetric email encryption

2014-07-18 Thread Thomas Asta
Evaluate http://bitmail.sf.net Am 18.07.2014 02:04 schrieb "Hauke Laging" : > Hello, > > is there any OpenPGP mail client which supports symmetric encryption? > > I think that would be a nice feature for recipients who don't have an > asymmetric key (those 99%). Many new communication systems have

Re: symmetric email encryption

2014-07-17 Thread Hauke Laging
Am Do 17.07.2014, 21:02:06 schrieb Robert J. Hansen: > > I think that would be a nice feature for recipients who don't have > > an > > asymmetric key (those 99%). > > But given the overwhelming majority of GnuPG users have an asymmetric > key, this is ... kind of pointless. You haven't understood

Re: symmetric email encryption

2014-07-17 Thread Robert J. Hansen
> I think that would be a nice feature for recipients who don't have an > asymmetric key (those 99%). But given the overwhelming majority of GnuPG users have an asymmetric key, this is ... kind of pointless. > Is there any reason *not* to support symmetric-only encryption in a mail > client? B

symmetric email encryption

2014-07-17 Thread Hauke Laging
Hello, is there any OpenPGP mail client which supports symmetric encryption? I think that would be a nice feature for recipients who don't have an asymmetric key (those 99%). Many new communication systems have a fallback option for symmetric encryption in case the preferred way is unavailable