Hi Peter,
> The certificate (aka public key) includes all signatures, all the data
> on the keyserver. It's data you don't really need to back up since it is
> public, and it can be huge. My key.asc file is 137,424 bytes following
> your instructions.
Seems you are trusted by much more people tha
> I'm a little
> surprised that your code is as large as it is, too: using an alternate
> pipeline you might be able to significantly reduce code size.
>
> (a) use Python 3's gpg module to export the secret key
> (b) paperkey --output-type raw --secret-key key.gpg --output key.raw
I want paperbac
Hi Daniel,
On Wednesday, 22 February 2017 15:50:21 CET Daniel Kahn Gillmor wrote:
> On Wed 2017-02-22 10:10:51 -0500, Thomas Jarosch wrote:
> > I've tried paperkey with Gnupg 2.1.13 and it had trouble parsing the
> > secret
> > key data. May be the internal packet format changed or needs adaption.
> You might consider using a font designed for OCR rather than the current
> font.
I tried to change to OCR-B or Inconsolata
http://stackoverflow.com/questions/316068/what-is-the-ideal-font-for-ocr
but getting that to work with enscript is not easy, as you have to find and
install afm and pfb i
Thanks very much for getting back to me - I really appreciate your help. I
have been able to get the validation to work by adding the trusted root
certificate to the "trusted-certs" folder under the gnupg directory on my
windows box. The directory wasn't there but I was able to add it and as l
Il 23/02/2017 11:00, Gerd v. Egidy ha scritto:
> If we are talking centuries, I'd worry about the availability of gnupg as
> much
> as qrcodes. Both are publicly available standards, but I don't know if they
> are still available and understandable by then. I'd recommend going to
> plaintext o
Today was announced that SHA1 is now completely broken
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
A few weeks back it was mentioned that there is a new proposal for a openpgp
standart including a new algorithm for pgp fingerprints.
As this is currently not applic
On 23/02/17 19:24, si...@web.de wrote:
> As this is currently not applicable in practice, I would like to know
> what this new development means for pgp-gnupg and the use of SHA1 for
> key identification.
I already answered that here[1]. The use of SHA-1 in fingerprints is not
susceptible to a col
> Today was announced that SHA1 is now completely broken
> https://security.googleblog.com/2017/02/announcing-first-sha1-
> collision.html
SHA-1 is broken *for some purposes*. That's scary enough, trust me. Let's
not overstate things.
For the last ten years I've been saying, "The smoke alarm ha
Am 23.02.2017 um 19:48 schrieb Peter Lebbing:
> On 23/02/17 19:24, si...@web.de wrote:
>> After researching how the fingerprint is generated, I think it would
>> be easy to include a new option in gnupg to print a fingerprint using
>> sha256. Would that be something that will/can be included in fut
On Thu 2017-02-23 03:54:12 -0500, Thomas Jarosch wrote:
> In the interest of humanity and the cause of science, I've just tried again
> with a throwaway key :) This time it worked just fine. The "only" thing
> that's
> changed is that I've upgraded from Fedora 22 to Fedora 25 since I last tried.
(I originally sent this off-list by mistake. Peter was kind enough to respond
off-list and to suggest we take it back on-list. This email is a distillation
of three different emails: my original, Peter's response, and a response to
Peter.)
=
> I already answered that here[1]. The use of
On 2/23/2017 at 1:27 PM, si...@web.de wrote:Today was announced that
SHA1 is now completely broken
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
A few weeks back it was mentioned that there is a new proposal for a
openpgp standart including a new algorithm for pgp
[ not on-topic for this thread, hence the subject change ]
On Thu 2017-02-23 05:00:54 -0500, Gerd v. Egidy wrote:
>> The certificate (aka public key) includes all signatures, all the data
>> on the keyserver. It's data you don't really need to back up since it is
>> public, and it can be huge. My
Am 23.02.2017 um 20:09 schrieb ved...@nym.hush.com:
> The Openpgp standards group is working on this.
Yes but who know how many years it will take until a new standard is accepted...
>
> The link you give for the collision used 2 PDF's.
> Using a PDF is sort-of 'cheating', and does not extrapolat
On Thu, 2017-02-23 at 13:58 -0500, Robert J. Hansen wrote:
> > "Migrating to SHA256"
> section in
> the FAQ?
What I always kinda wonder is, why crypto or security experts, at least
in some sense never seem to learn.
When MD5 got it's first scratches, some people started to demanded for
it's ASAP r
On 02/23/2017 09:00 PM, Robert J. Hansen wrote:
> [...]
>
> To which I said, "Create two keys with the same fingerprint. Sign a contract
> with one, then renege on the deal. When you get called into court, say "I
> never signed that, Your Honor!" and present the second key. This collision
> p
> What I always kinda wonder is, why crypto or security experts, at least
> in some sense never seem to learn.
You kidding me? MD5 hashes are still the standard tool of computer
forensics. It's appalling. The reasons why are fascinating, though:
it's largely for judicial reasons, not technical
18 matches
Mail list logo
