You've been trusting FB by using this function, before you trust that app
:-)
On Mon, Jun 1, 2015 at 12:18 PM, Jason Antony
wrote:
> On 2015-06-02 02:17, Melvin Carvalho wrote:
>
> > Now we just need a facebook app to generate keys ...
>
> But would you trust that app? :-)
>
> -- Jason
>
>
>
> _
Hello!
We are pleased to announce the availability of a new stable GnuPG-2.0
release: Version 2.0.28. This is a maintenance release which fixes a
couple of bugs. Update to this version is suggested.
The GNU Privacy Guard (GnuPG) is a complete and free implementation of
the OpenPGP standard as d
Hi GnuPG folks--
I just noticed that a couple places in doc/DETAILS and doc/gpg.texi
refer to "conventional encryption". Does this mean "symmetric
encryption" or something else?
More concretely, i'm assuming it refers to "SKESK[0]-prefixed SEIPD[1]
packets". Is this correct?
In 2015, i'm not s
On Tue, 2 Jun 2015 16:43, d...@fifthhorseman.net said:
> I just noticed that a couple places in doc/DETAILS and doc/gpg.texi
> refer to "conventional encryption". Does this mean "symmetric
> encryption" or something else?
Yes. I changed it to read "symmetricc encryption with passphrase",
> Mo
> Peers that do not support AES256 are either extremely rare or
> hopelessly out of date. Reducing the strength of the ciphers in use
> for the sake of preserving interop with these peers seems like a bad
> tradeoff.
>
> What do folks think about making this change to the defaults?
At present I'
On Tue 2015-06-02 12:41:40 -0400, Robert J. Hansen wrote:
> Right now pretty much everyone is content with RSA-3072, which has an
> estimated work factor comparable to AES-128. So if 128-bit crypto is
> enough, I don't understand the motivation behind jumping to AES-256.
> There needs to be someth
> Let's consider an adversary that can store as many OpenPGP-encrypted
> messages as it has access to. Maybe it sniffs SMTP traffic as well?
> If the attacker is interested in breaking the crypto of any *one* of
> these messages, it can reduce the amount of work it has to do
> significantly.
I t
On Tue 2015-06-02 14:26:39 -0400, Robert J. Hansen wrote:
>> Even worse, there are standard attacks that find _at least one_ of
>> the keys using just 2^78 easy computations, a feasible computation
>> today.
>
> So there's a 10**-88 chance that one of my keys can be broken in 10**53
> computation
> To be clear, it's not "one of my keys" in the asymmetric key sense,
> where you, rjh, have only a handful over your lifetime. Every time
> you send an encrypted message, GnuPG generates a new AES key to
> encrypt that message with. So "one of my messages' keys" is more
> accurate.
Yes, I u
On 6/2/2015 at 3:49 PM, "Robert J. Hansen" wrote:
>Given this, I would feel much better if Werner were to spend his
>time reviewing the code for exploitable bugs than spending even five
>minutes changing the s2k default from AES-128 to AES-256.
=
Agreed,
but here's a consequence you might
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Tuesday 2 June 2015 at 8:46:18 PM, in
, Robert J. Hansen wrote:
> [Note for UK/European readers: 'million' here denotes
> an American million: 1,000,000.]
10^6 is a million both sides of the pond, n'est-ce pas? The long and
short scales o
On Tue 2015-06-02 17:51:50 -0400, ved...@nym.hush.com wrote:
> The s2k default is also the default for symmetrically encrypted messages
> (which is fine, as long as people know about it).
I mentioned the possible interoperability concern in my first post on
this thread.
> If a person wants to sym
Il 02/06/2015 20:37, Daniel Kahn Gillmor ha scritto:
> But if we move to AES-256, we remove this attack, which means
> that none of our users get thrown under this particular bus.
What if by changing to AES-256 you end up saving one from the bus by
throwing all users under the train?
IIRC, I read
13 matches
Mail list logo
