-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 26-02-2011 0:27, Aaron Toponce escribió:
> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>> Bruce himself recommends AES over TWOFISH.
>
> [citation needed]
>
> I know that he's recommended AES-128 over AES-256, but I've not read
> where he's
On 02/25/2011 08:46 PM, Robert J. Hansen wrote:
> On 2/25/11 10:27 PM, Aaron Toponce wrote:
>> On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
>>> Bruce himself recommends AES over TWOFISH.
>>
>> [citation needed]
>
> _Practical Cryptography_. Read it. Other people on this list can
> provide a p
On Feb 25, 2011, at 6:05 PM, Aaron Toponce wrote:
> Also, my understanding on how the preferences are chosen by GnuPG is the
> following:
>
> 1. User wishes to encrypt mail to me, so my cipher preferences in my
> public key are pulled.
> 2. My first preference, Twofish, is used, only if the sende
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 24 February 2011 at 2:13:13 PM, in
, Robert J. Hansen wrote:
> It is also theoretically possible to rebuild your
> private key using a fifth of gin and a Ouija board.
I couldn't resist asking: do you have a citation for this?
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 25 February 2011 at 1:45:03 AM, in
, Jameson Rollins wrote:
> Yikes! I thought we were almost done killing inline
> signatures! Don't revive it now!
> If PGP/MIME is broken on android, we need to get them
> to fix it, not go backw
On Feb 26, 2011, at 9:10 AM, Aaron Toponce wrote:
>> 3DES's history is instructive. NIST has declared it "dead in 20 years"
>> more often than Netcraft has declared BSD to be dying.[*] At this
>> point, I'm unaware of anyone who seriously believes 3DES will be gone in
>> 20 years. Most people s
On Sat, Feb 26, 2011 at 07:49:41AM -0300, Faramir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> El 26-02-2011 0:27, Aaron Toponce escribió:
> > On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
> >> Bruce himself recommends AES over TWOFISH.
> >
> > [citation needed]
> >
> > I kno
I have returned to a previous ISP, and they've given me a new email
address for my secondary email. How do I edit it on my key? I need
to delete and/or revoke uid#4, and keep #3, the new one.
pub 1024D/4A00352C created: 2006-07-11 expires: never usage: SCA
[ultimate] (1). Donald Way
On 2/26/11 3:11 PM, Wayne Chandler wrote:
> I have returned to a previous ISP, and they've given me a new email
> address for my secondary email. How do I edit it on my key? I need
> to delete and/or revoke uid#4, and keep #3, the new one.
At the edit prompt:
uid 4
revuid
(enter passphrase, etc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 26-02-2011 15:59, Simon Ward escribió:
> On Sat, Feb 26, 2011 at 07:49:41AM -0300, Faramir wrote:
...
>> There is an interview somewhere (I was looking for it to provide
>> citation, but I was unable to find it. I think it used to be in his blog
On 02/26/2011 02:27 PM, Faramir wrote:
> Here he says Twofish has speed comparable with AES, without some
> vulnerabilities (but Serpent is considered even more secure). However,
> he says if AES fails, you won't be blamed for using it (so is the safest
> for your career). If you chose Twofish, a
On 02/26/2011 02:27 PM, Faramir wrote:
> Here he says Twofish has speed comparable with AES, without some
> vulnerabilities (but Serpent is considered even more secure). However,
> he says if AES fails, you won't be blamed for using it (so is the safest
> for your career). If you chose Twofish, a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 26-02-2011 19:44, Aaron Toponce escribió:
...
> Fortunately for me, this is my personal GnuPG preferences, and not those
> of my employer. Blowfish is good crypto, and I still haven't found a
> good reason to not using it. AES is the federal stand
On 02/26/2011 03:16 PM, Robert J. Hansen wrote:
> At the edit prompt:
>
> uid 4
> revuid
> (enter passphrase, etc.)
> save
>
> Once that's done:
>
> gpg --keyserver x-hkp://pool.sks-keyservers.net --send-key 4A00352C
>
> ... to send your updated certificate to the certservers, so the entire
> w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 26-02-2011 20:07, Aaron Toponce escribió:
...
> Thoughts?
>
> http://eprint.iacr.org/2010/023.pdf
In this section, the attack assumptions are described.
² Correct and faulty ciphertexts calculated from the
same plaintext are known.
² One pair of
I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed
the drivers through the libccid package. This works out of the box for
root, but mortal users can't access the card at all. I tried a lightly
modified version of the scripts from
http://www.gnupg.org/howtos/card-howto/en/smartca
Am Sonntag 27 Februar 2011 01:45:26 schrieb Todd A. Jacobs:
> $ cat /usr/local/sbin/gnupg-ccid.sh
> if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
> then
> chmod o-rwx "${DEVICE}"
> chgrp "${GROUP}" "${DEVICE}"
> chmod g+rw "${DEVICE}"
> fi
I had the same problem. My problem was th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Why? Inline is simple and effective. I'm curious as to why you
feel MIME is so much better.
- --Avi
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (MingW32) - GPGshell v3.77
Comment: Most recent key: Click show in box @ http://is.gd/4xJrs
iJg
I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed
the drivers through the libccid package. This works out of the box for
root, but mortal users can't access the card at all. I tried a lightly
modified version of the scripts from
http://www.gnupg.org/howtos/card-howto/en/smartca
On Sat, 26 Feb 2011 21:02:08 -0500, Avi wrote:
> Why? Inline is simple and effective. I'm curious as to why you
> feel MIME is so much better.
http://josefsson.org/inline-openpgp-considered-harmful.html
jamie.
pgpha2dSJArgJ.pgp
Description: PGP signature
___
On 02/26/2011 07:45 PM, Todd A. Jacobs wrote:
> I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed
> the drivers through the libccid package. This works out of the box for
> root, but mortal users can't access the card at all. I tried a lightly
> modified version of the scripts
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've recently received my smart card, but was wondering what the "best
practices" are, mainly from a physical standpoint. When I use it in
my laptop reader, it sticks about 2" out of the side, and I have some
concern about this (i.e., getting damaged
The following line in gnupg-ccid.rules will now create the /dev node
with the correct permissions, but the card reader itself still remains
inaccessible to non-root users:
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/511f/*", GROUP="scard"
This seems like a simpler way to assign the GID, r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have a 3310 and with pcscd, I haven't even found the need to use the
scard group. I have found that occasionally I have to restart
scdaemon in order to get new readers/cards recognized. I haven't
narrowed it down specifically yet. (I just got my
Here are the steps I needed to take under Ubuntu 10.10 to get this
particular reader working properly as a mortal user.
1. sudo aptitude install --with-recommends libccid
2. sudo addgroup --system pcscd
3. sudo addgroup pcscd
4. cat << EOF | sudo tee /etc/udev/rules.d/gnupg-ccid.rules
SUBSYST
On 02/26/2011 09:40 PM, David Tomaschik wrote:
>
> I've recently received my smart card, but was wondering what the "best
> practices" are, mainly from a physical standpoint. When I use it in
> my laptop reader, it sticks about 2" out of the side, and I have some
> concern about this (i.e., getti
On Sat, Feb 26, 2011 at 5:53 PM, Hauke Laging
> dev_device="${DEVICE//proc/dev}"
> chgrp "${GROUP}" "${dev_device}"
> chmod g+rw "${dev_device}"
Thanks for the suggestion. However, $DEVICE isn't populated at all,
although the udev rule appears to be triggering. My script now
contains:
#!/bin/bash
On 27/02/11 1:24 PM, Jameson Rollins wrote:
> On Sat, 26 Feb 2011 21:02:08 -0500, Avi wrote:
>> Why? Inline is simple and effective. I'm curious as to why you
>> feel MIME is so much better.
>
> http://josefsson.org/inline-openpgp-considered-harmful.html
Thanks for the link.
I'd only add that i
On 02/26/2011 08:52 PM, David Tomaschik wrote:
>
> I have a 3310 and with pcscd, I haven't even found the need to use the
> scard group. I have found that occasionally I have to restart
> scdaemon in order to get new readers/cards recognized. I haven't
> narrowed it down specifically yet. (I ju
On 02/26/2011 10:29 PM, Grant Olson wrote:
> On 02/26/2011 08:52 PM, David Tomaschik wrote:
>> I have a 3310 and with pcscd, I haven't even found the need to use the
>> scard group. I have found that occasionally I have to restart
>> scdaemon in order to get new readers/cards recognized. I haven'
On 02/26/2011 04:37 PM, Faramir wrote:
> Because its author says you should move to Twofish?
Dammit! I meant Twofish, not Blowfish. I knew what I meant, but I didn't
type it.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
So I've been trying to get my GnuPG card to work with ssh
authentication, but I can't seem to get it to work. As there are quite a
few success stories out there, I'm probably missing something, or doing
something stupid, so I'd appreciate any pointers.
This is a largely underdocumented feature,
On 02/26/2011 18:53, Ben McGinnes wrote:
On 27/02/11 1:24 PM, Jameson Rollins wrote:
On Sat, 26 Feb 2011 21:02:08 -0500, Avi wrote:
Why? Inline is simple and effective. I'm curious as to why you
feel MIME is so much better.
http://josefsson.org/inline-openpgp-considered-harmful.html
Thanks
Thought I would update and say I finally got this working correctly.
Apparently with the Omnikey Cardman 3121, the vendor drivers *must* be
used. Once those were installed, and daemons restarted, ssh-add -l had
no problem grabbing the key off the card.
Regardless, I hope my documentation is help
On 02/26/2011 10:06 PM, Brady Young wrote:
>
>
> In any case, I undertsand the next step is to get the ssh-ified version
> of the key, adding to to ~/.ssh/authorized_keys on the remote host:
>
> $ gpgkey2ssh 3B70AC3E > file_to_upload
>
> (file_to_upload is scp'd over to remote host in correct l
On 02/26/2011 11:51 PM, Brady Young wrote:
>
> Thought I would update and say I finally got this working correctly.
>
> Apparently with the Omnikey Cardman 3121, the vendor drivers *must* be
> used. Once those were installed, and daemons restarted, ssh-add -l had
> no problem grabbing the key off
Grant Olson writes:
> On 02/26/2011 11:51 PM, Brady Young wrote:
>> Thought I would update and say I finally got this working correctly.
>> Apparently with the Omnikey Cardman 3121, the vendor drivers *must* be
>> used. Once those were installed, and daemons restarted, ssh-add -l had
>> no probl
On 27/02/11 3:28 PM, Doug Barton wrote:
>
> If you look at the characteristics of the actual messages encrypted
> mail is very similar whether it's in-line or MIME.
Exactly, the encrypted output in both methods uses base-64 encoding.
> It's signed messages that make things interesting because th
38 matches
Mail list logo
