On 25-06-2012 0:11, Werner Koch wrote:
> A few years later it was obvious that MD5 is broken in practice. I can't
> understand anyone suggesting to use PGP2. I have heard of people keep
> on using and suggesting >=4k keys but still being bounded to the broken
> MD5 and the flawed PGP public key p
On Mon, 25 Jun 2012 16:18, joh...@vulcan.xs4all.nl said:
> That depends on your threat model. If signing messages is not so
> important to you but encrypting is, this advice is understandable. So
> let MD5 be broken, it matters not for encryption. Not that I would
Sure it matters. The self-signa
On Tue, Oct 18, 2011 at 09:15:14AM -0400 Also sprach Mark H. Wood:
> On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote:
> > >> I'm going to lean very far out the window and assume he meant the actual
> > >> private key, not the private key-ring/-file/...
> > >
> > > I'm not sure I unders
On Mon, 25 Jun 2012 17:08, lists.gn...@mephisto.fastmail.net said:
> cracking the symmetric encryption used to protect the private key is
> comparable to the problem of cracking an encrypted message's session
> key.
No, it is not. The entropy in a session key matches the size of the
session key
On 06/25/2012 11:08 AM, Kevin Kammer wrote:
> Eventually being... the age of the Earth?
(I do not disagree with Kevin: this is an emphatic agreement.)
There is a minimum energy associated with flipping a bit -- something so
small that a single proton has the energy to flip about a trillion bits.
On 06/25/2012 10:18 AM, Johan Wevers wrote:
> That depends on your threat model. If signing messages is not so
> important to you but encrypting is, this advice is understandable.
> So let MD5 be broken, it matters not for encryption.
If MD5 signatures can be forged (and news reports strongly ind
On 06/25/2012 11:44 AM, Werner Koch wrote:
>> cracking the symmetric encryption used to protect the private key is
>> comparable to the problem of cracking an encrypted message's session
>> key.
>
> No, it is not. The entropy in a session key matches the size of the
> session key. The key used
Robert J. Hansen wrote:
> On 06/24/2012 06:11 PM, Werner Koch wrote:
>> I am telling for more than a decade that PGP 2 should not be used
>> anymore.
>
> The list may find my own timeline of MD5 to be worth reading -- it might
> give some insight into why PGP 2 (in particular the MD5 vulnerabilit
On Mon, June 25, 2012 5:00 pm, Robert J. Hansen wrote:
> On 06/25/2012 11:44 AM, Werner Koch wrote:
>>> cracking the symmetric encryption used to protect the private key is
>>> comparable to the problem of cracking an encrypted message's session
>>> key.
>>
>> No, it is not. The entropy in a sess
On Mon, Jun 25, 2012 at 12:11:57AM +0200, Werner Koch wrote:
> I am telling for more than a decade that PGP 2 should not be used
> anymore. The rationale for this was that OpenPGP is a standard and
> fixes great many problems of PGP 2. GnuPG supports PGP 2 only because
> this provides a way to mi
On Mon, 25 Jun 2012 20:12, aaron.topo...@gmail.com said:
> So, if the system can be improved by removing support for PGP2, which
> includes cleaning up code, squashing bugs, and tightening security, then
> why is it still around? 20 years later?
Because you still want to be able to decrypt your 2
On Fri, 22 Jun 2012 23:22, jw72...@verizon.net said:
> message when I use GPA to try retrieving a key. The message states
> this: "There is no plugin available for the keyserver protocol you
> specified." What am I missing? Thanks.
IIRC, GPA has no support for "hpks". You need to use "hkp". For
> Robert J. Hansen wrote:
>> On 06/24/2012 06:11 PM, Werner Koch wrote:
>>> I am telling for more than a decade that PGP 2 should not be used
>>> anymore.
>>
>> The list may find my own timeline of MD5 to be worth reading -- it might
>> give some insight into why PGP 2 (in particular the MD5
13 matches