-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hello BosseB !
BosseB wrote:
> I found GPGShell and tried it but it did not offer a context menu in
> Windows Explorer just a rather strange regular program window which is
> not intuitive to use for a Windows user at least. It starts up with
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hello BosseB !
BosseB wrote:
> So I have installed both GPGShell and GPGee and all I see in my
> Windows Explorer shell is GPGee.
> How can I make GPGShell appear?
> And how does it look like?
First of all, uninstall both.
After, rein
Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
>From what I understand Hushmail is based on OpenPGP so it should work.
The key I have from my Hushmail account is 2048bit in length but once I
copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
anymore, any ide
Hi Robert.
On Thu, Sep 10, 2009 at 3:05 AM, Robert J. Hansen wrote:
> Add these lines to your gpg.conf file:
>
> personal-digest-preferences SHA256 SHA224 SHA384 SHA512 RIPEMD160
> personal-cipher-preferences AES128 3DES
>
[...]
And you think this is enough? Not removing and recreating and olde
On Thu, Sep 10, 2009 at 3:45 AM, David Shaw wrote:
> Yes, but it won't actually go away completely. SHA1 is special in OpenPGP.
> Unlike the other hashes, SHA1 is required to be supported. Removing SHA1
> from an OpenPGP preference list doesn't actually remove it, but instead
> effectively puts
> - When creating a new key,.. it uses the entropy, right? So is there
> some way to improve this entropy? Perhaps not using Linux but instead
> OpenBSD which might have a better PRNG (don't know if this is actually
> the case ;) ) or use a specific Linux kernel version where a newer and
> better P
In case you missed it, using 15 as a key value is no longer a viable
option:
http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
Fortunately, people are working on it:
http://spectrum.ieee.org/computing/software/cryptographers-take-on-quantum-computers
-B
On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote:
> In case you missed it, using 15 as a key value is no longer a viable
> option:
Hasn't been for many years. The advancement is in reducing the size of
the quantum computing device, not in factoring a larger number.
We factored 15 via Shor's
On 09/09/2009 09:45 PM, David Shaw wrote:
> Instead of giving my preferences,
> allow me to point at the wonderful defaults in GPG. They're the default
> algorithms for a reason.
I've asked this before, but without any satisfactory answer, i'm still
curious: Why do the digest defaults in 1.4.10
2009/9/10 Christoph Anton Mitterer
:
> On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote:
>> In case you missed it, using 15 as a key value is no longer a viable
>> option:
>> http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
> Thank God! I've used 17
On Thu, 2009-09-10 at 10:29 -0400, Brian Mearns wrote:
> > Thank God! I've used 17 ;)
> No you didn't, 17 is prime. =D
*D'Ohh* ... caught me ;)
Chris.
smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Gnupg-users@gnupg
Hi Robert.
On Thu, Sep 10, 2009 at 3:59 PM, Robert J. Hansen wrote:
> Not really. If there were good reasons to believe OpenBSD's entropy
> collector was better than Linux's, the Linux crew would fix the code,
> maybe even borrowing OpenBSD's entropy collector.
Ah,.. right... it was the other
On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote:
> Uhm,.. what a pity. What would happen if SHA1 gets fully broken? Would
> we have to create a new OpenPGP and new keys?
Probably. However, if SHA-1 gets totally broken we'll have a lot bigger
things to worry about than OpenPGP.
> > Well,
On Thu, 2009-09-10 at 16:51 +0200, Philippe Cerfon wrote:
> Ah,.. right... it was the other way round it didn't work (GPL2 to BSD ;) )
Copyright protects the way an idea is expressed, not the idea itself.
If Linux had a better entropy collector than OpenBSD, the OpenBSD folks
would study the Linux
On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote:
> In case you missed it, using 15 as a key value is no longer a viable
> option:
> http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
Thank God! I've used 17 ;)
Cheers,
Chris.
smime.p7s
Description
On Sep 10, 2009, at 8:02 AM, Philippe Cerfon wrote:
On Thu, Sep 10, 2009 at 3:45 AM, David Shaw
wrote:
Yes, but it won't actually go away completely. SHA1 is special in
OpenPGP.
Unlike the other hashes, SHA1 is required to be supported.
Removing SHA1
from an OpenPGP preference list does
On Sep 10, 2009, at 10:51 AM, Philippe Cerfon wrote:
Not really. If there were good reasons to believe OpenBSD's entropy
collector was better than Linux's, the Linux crew would fix the code,
maybe even borrowing OpenBSD's entropy collector.
Ah,.. right... it was the other way round it didn't
* Philippe Cerfon [2009-09-10 14:03]:
> I'd have some additional poor men's questions ;-)...
> - When creating a new key,.. it uses the entropy, right? So is there
> some way to improve this entropy? Perhaps not using Linux but instead
> OpenBSD which might have a better PRNG (don't know if this i
* Sebastian Wiesinger [2009-09-10 18:01]:
> Hi,
>
> regarding this, the Simtec Entropy Key http://www.entropykey.co.uk/ is
> available for sale online since a few days ago. This is an USB
> hardware entropy generator. Perhaps this would be something to
> consider in your tests regarding quality a
On 09/10/2009 10:54 AM, Robert J. Hansen wrote:
> On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote:
>> I thought the key ID is only used for humans to short check the
>> keys,.. but not in the system itself?!
>
> Nope, it's pretty pervasive in the system.
Unless i misunderstand the contex
Thanks for the reply!
How do I troubleshoot the issue I am experiencing with my Hushmail keys
on the OpenPGP 2.0 card not being able to decrypt my mail?
Are you sure about what you said below regarding the stub and the
secret/private key? I just generated a test key pair on the OpenPGP 2.0
card a
On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:
Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
From what I understand Hushmail is based on OpenPGP so it should
work.
The key I have from my Hushmail account is 2048bit in length but
once I
copy the key onto the OpenPGP 2
This is the error I get when I try to decrypt Hushmail emails in
Thunderbird with the OpenPGP card:
Error - secret key needed to decrypt message
gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader
Daniel Kahn Gillmor wrote:
> On 09/10/2009 10:54 AM, Robert J. Hansen wrote:
>> On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote:
>>> I thought the key ID is only used for humans to short check the
>>> keys,.. but not in the system itself?!
>> Nope, it's pretty pervasive in the system.
>
>
Hi Robert.
On Thu, Sep 10, 2009 at 4:54 PM, Robert J. Hansen wrote:
> Probably. However, if SHA-1 gets totally broken we'll have a lot bigger
> things to worry about than OpenPGP.
What specifically do you mean? Crypto-stuff in banking etc.?
> As soon as you find an attack, then we can discu
What is the correct way to copy existing keys that exist onto an OpenPGP
2.0 card?
I was trying this, is it correct:
gpg --edit-key
toggle
keytocard
select 1
key 1
keytocard
select 2
q
y
smime.p7s
Description: S/MIME Cryptographic Signature
___
On Thu, Sep 10, 2009 at 5:08 PM, David Shaw wrote:
> The real headache here is (as always) the practical - what to do with
> existing keys and such. I suspect that removing SHA1 would effectively mean
> a new key type for OpenPGP (again, not a disaster - we're on our 4th key
> type today).
Ok,..
Hello Daniel.
On Thu, Sep 10, 2009 at 6:22 PM, Daniel Kahn Gillmor
wrote:
> The Key ID is a substring (either the last 8 or 16 hex chars) of the Key
> Fingerprint (which is 40 hex chars). The Key ID is used nowhere in the
> internals of the OpenPGP specification, from what i can tell.
I think
Hi folks.
On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
> The real headache here is (as always) the practical - what to do with
> existing keys and such. I suspect that removing SHA1 would
> effectively mean a new key type for OpenPGP (again, not a disaster -
> we're on our 4th key
On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen wrote:
> I understood him to mean the "key ID" as the fingerprint of the
> certificate's primary signing key, rather than checking each bit of the
> certificate's primary signing key individually.
I meant the fingerprint, yes.
But now that you sa
Hi folks.
On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
> The real headache here is (as always) the practical - what to do with
> existing keys and such. I suspect that removing SHA1 would
> effectively mean a new key type for OpenPGP (again, not a disaster -
> we're on our 4th ke
Hi Robert.
On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote:
> Nope, it's pretty pervasive in the system.
I thought it (and SHA1 fingerprints) would only be used in designated
revoker signatures, and MDC?
> The people behind OpenPGP are working on a new OpenPGP proposal that
> will u
Philippe Cerfon wrote:
> What specifically do you mean? Crypto-stuff in banking etc.?
"Specifically"? I don't have the time to list everywhere that will
break. SHA-1 is used in a ton of places, and often not places you'd
immediately expect. For instance, computer fuel injection timings are
cont
Philippe Cerfon wrote:
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?
No.
Sharing media is a great way to spread malware. Don't do that to you
On Fri, Sep 11, 2009 at 12:39 AM, Robert J. Hansen wrote:
> That's three examples of things that will unexpectedly break if SHA-1
> falls. A complete laundry list would go for pages and pages and pages.
> I'd suggest reading comp.risks; they might have something on point.
Thanks,.. got what you
Henk M. de Bruijn wrote:
> Allen Schultz schreef:
>> Henk M. de Bruijn wrote:
>>> I checked but even after setting off the option to install GPA. The
>>> relevant files are still installed and when closing the preference menu
>>> a menu keeps on popping up about GPA and the passphrase.
>>> I don't
On 09/10/2009 06:32 PM, Christoph Anton Mitterer wrote:
> 3) One problem with such devices is,.. that one can never know (well at
> least normal folks like me) how good they actually are.
> If this company would be evil (subsidiary of NSA or so) they could just
> sell bad devices that produce poor
On Fri, 2009-09-11 Christoph Anton Mitterer wrote:
. . .
sell bad devices that produce poor entropy thus rendering
our (symmetric and asymmetric) keys, signatures etc. "useless".
. . .
Just out of curiousity, about how "poor" entropy might make
it easy to break encryption: Is it necessary f
On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
Hi folks.
On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
The real headache here is (as always) the practical - what to do with
existing keys and such. I suspect that removing SHA1 would
effectively mean a new key type for Op
On Sep 10, 2009, at 8:38 PM, Daniel Kahn Gillmor wrote:
On 09/10/2009 06:32 PM, Christoph Anton Mitterer wrote:
3) One problem with such devices is,.. that one can never know
(well at
least normal folks like me) how good they actually are.
If this company would be evil (subsidiary of NSA or s
On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
The people behind OpenPGP are working on a new OpenPGP proposal that
will use a stronger, better hash algorithm.
Have workings on an 4880 successor already started?
No, at this point things are mainly being proposed as *additions* t
On 09/10/2009 10:23 PM, David Shaw wrote:
> "Could" is a very powerful word. At some point, people have to buy and
> run the closed-source hardware they need to run their open-source
> software on :)
Agreed! I was just pointing out that the lack of true entropy might not
be as obvious as the pro
On Sep 10, 2009, at 5:44 PM, Philippe Cerfon wrote:
On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen > wrote:
I understood him to mean the "key ID" as the fingerprint of the
certificate's primary signing key, rather than checking each bit of
the
certificate's primary signing key individuall
43 matches
Mail list logo
