On 23/02/17 11:00, Gerd v. Egidy wrote:
> Seems you are trusted by much more people than me ;)
More people trust that that key is mine, they don't trust me as a
person, my actions or my certifications. dkg already answered that bit
:-). These are mostly people I've met at a keysigning party. They
On Thursday 23 February 2017 23:38:36 Leo Gaspard wrote:
> On 02/23/2017 09:00 PM, Robert J. Hansen wrote:
> > [...]
> >
> > To which I said, "Create two keys with the same fingerprint. Sign a
> > contract with one, then renege on the deal. When you get called
> > into court, say "I never signed
On 2/23/2017 at 4:52 PM, si...@web.de wrote:...
Not sure about you but I am not able to see the difference between a
valid pgp key and "gibberish" ;)
...
=
In the example of the 2 pdf's, they started with one pdf, made
another pdf, then multiple (more than billions) trials of adding a
stri
On 23/02/17 13:36, Gerd v. Egidy wrote:
> So I think that this would move the bar for a possible user of paperbackup.py
> higher than I want to.
Yes, it should be easy to use. In fact, I've sometimes heard the
complaint that "paperkey is not easy to install and/or use". That's
really too bad th
Crap, silly me... why do I always notice these things only after I've
hit send?
On 24/02/17 17:17, Peter Lebbing wrote:
> The following Python:
>
from posixcksum import PosixCkSum
from base64 import b64encode
crc, _ = PosixCkSum.sum_whole(bytearray(b'123456789'))
b64encode(crc
On 23 February 2017 at 19:24, wrote:
> Today was announced that SHA1 is now completely broken
> https://security.googleblog.com/2017/02/announcing-first-
> sha1-collision.html
This is nonsense.
Google security team calling sha1 "completely broken" simply means google's
security team is complet
If you read the announcement Google never uses the words "completely broken"
that you attribute to them. I believe that was someone else's characterization.
Mis-attribution and name calling can also be unhelpful.
Google's security team has been the driving force behind two major security
issues
There are various claims going around about how GnuPG should be
disabling SHA1 now; the competent cryptographers I know are pointing out
that a collision is not a second pre-image, don't panic and cargo-cult
(but also yes it's time and past time to be making sure we have a clear
path away). I'm no