--- Kurt Fitzner <[EMAIL PROTECTED]> wrote:
> Realos wrote:
> > What would you suggest in this case? A brute force
> attack with some
> > software if I know part of the password? What tool
> is suitable for that?
>
> There isn't any software that I know of to
> brute-force a GnuPG password.
Act
David Shaw wrote:
>Anyway, do this:
>
>gpg --expert --cert-digest-algo (thehash) -u (thekeyid) --sign-key (thekeyid)
>
>
Is this possible with the selfsigs on subkeys, too?
Chris.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.
David Shaw wrote:
>If an attacker compromises the keyserver or in any way distributes
>your key himself, he can remove the new self-sig, leaving the old one
>behind.
>
>
Isn't it possible to revoke the older selfsig?
Of course, it's still possible for an attacer to compromise the
keyserver and/
On Wed, Jan 04, 2006 at 07:01:17PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> >If an attacker compromises the keyserver or in any way distributes
> >your key himself, he can remove the new self-sig, leaving the old one
> >behind.
> >
> >
> Isn't it possible to revoke the olde
On Wed, Jan 04, 2006 at 04:20:20PM +0100, Christoph Anton Mitterer wrote:
> David Shaw wrote:
>
> >Anyway, do this:
> >
> >gpg --expert --cert-digest-algo (thehash) -u (thekeyid) --sign-key (thekeyid)
> >
> >
> Is this possible with the selfsigs on subkeys, too?
No.
David
On Thu, Jan 05, 2006 at 12:21:00AM -0500, Atom Smasher wrote:
> has anyone given any thought to what would be the difference between
> carefully and carelessly making hard-copy backups of secret keys?
>
> i mean, it would be stupid to print a copy of ones secret key (with a weak
> passphrase) an
Hello.
I downloaded GnuPG source and checked its signature (under Windows):
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2
ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.2.tar.bz2.sig
Then I rebooted into recently installed Debian GNU/Linux 3.1r0a system
and built program from source:
$ cd /ho
lusfert wrote:
> $ cd /home/[user]/
> $ bunzip2 gnupg-1.4.2.tar.bz2
> $ tar xvf gnupg-1.4.2.tar
tar xjvf will combine the tar extract operation with the bunzip
> $ cd ./gnupg-1.4.2
> $ ./configure
> $ make
Thus is normally the point where one tests the built code *before*
'make install'.
> # m
On Thu, 5 Jan 2006, Janusz A. Urbanowicz wrote:
from my experience, all keys for long-term, _safe storage_ (and after
revocation) should be kept with no passphases at all
human memory is very volatile and some day you gonna need to decrypt an
old email encrypted with the key you revoked in 19
On Thu, Jan 05, 2006 at 02:07:17PM -0500, Atom Smasher wrote:
> On Thu, 5 Jan 2006, Janusz A. Urbanowicz wrote:
>
> >from my experience, all keys for long-term, _safe storage_ (and after
> >revocation) should be kept with no passphases at all
> >
> >human memory is very volatile and some day you
On Thu, 5 Jan 2006, Samuel ]slund wrote:
In Sweden people with weapon licenses are required to either keep their
weapons locked up in a safe that is non-trivial to move or store them
with the "vital part" and ammunition removed and hidden in different
places.
Might be applicable?
==
I hope I'm not off-topic but I have a question about WinPT. It seems that I
can refresh or add to the public keyring from the CLI with gpg but I can't
refresh the keys using the same server from within WinPT. I keep getting an
error about WinPT not able to access the server. I tried the other
p
12 matches
Mail list logo
