How did the NSA hack our emails? (Numberphile videos)

How did the NSA hack our emails? https://www.youtube.com/watch?v=ulg_AHBOIQU NSA Surveillance (an extra bit) http://www.youtube.com/watch?v=1O69uBL22nY -- ...atom http://atom.smasher.org/ 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ---

Re: NSA seeks to build quantum computer that could crack most types of encryption

On Sat, 4 Jan 2014, Filip M. Nowak wrote: "if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now" worried? probably not. concerned? maybe. planning ahead? probably. Post-qua

Re: surrendering one's passphrase to authorities

On Tue, 3 Mar 2009, David Shaw wrote: This article caught my eye. One of the things that I gleaned from the article is that it's obvious that law enforcement (at this level) does not have the ability to brute-force crack PGP encrypted data. Instead, the courts are attempting to force the surre

Re: surrendering one's passphrase to authorities

On Tue, 3 Mar 2009, Robert J. Hansen wrote: Yes. It's the same as the S2K in OpenPGP, last I checked -- which is specifically designed to make brute forcers slow. Let's say the guy has a passphrase with 64 bits of entropy. Assume you have a massively distributed network and some truly cutti

Re: New results against SHA-1

On Thu, 30 Apr 2009, David Shaw wrote: http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf There is not much hard information yet, but the two big quotes are "SHA-1 collisions now 2^52" and "Practical collisions are within resources of a well funded organisation."

Re: Encryting both file contents and file name with GnuPG

On Sun, 2 Jan 2011, Neil Phillips wrote: i was hoping to do the following; locate a source file. place the name of the source file in a log. encrypt the source file name and contents add to the log the name of the encrypted file. that way i have a list which tells me what the real name of the f

Re: Encryting both file contents and file name with GnuPG

On Sun, 2 Jan 2011, Neil Phillips wrote: gpg should be able to give a hash, something like; gpg -output sha1("a filename") -e filename === depending on your [*nix or cygwin] shell, it ~can~ do that... gpg -o $(sha1 -qs filename) -e filename -r keyid the exact command is system de

Re: Rebuilding the private key from signatures

On Thu, 24 Feb 2011, Aaron Toponce wrote: However, I was in a discussion with a friend, and the topic came up that it is theoretically possible to rebuild your private key if someone had access to all your signed mail. We debated the size of signatures and mail that would need to be collected

Re: Decrypting WikiLeaks insurance file

On Fri, 2 Sep 2011, Ben McGinnes wrote: The password or passphrase for insurance.aes256 has not yet been revealed, but that file is believed to have been encrypted with either TrueCrypt or OpenSSL, probably the latter. == i'm not sure about TrueCrypt, but OpenSSL usually leaves th

Re: Why trust gpg4win?

On Thu, 25 Jul 2013, takethe...@gmx.de wrote: why should I trust gpg4win? I have doubts since it was ordered by the "Bundesamt f?r Sicherheit in der Informationstechnik (BSI)", which has close connections to secret services. Is gunPT any better? Finally, why should I trust gunpg? I'm a windows

Re: How can I get a subkey's fingerprint?

On Thu, 17 Mar 2005, Zuxy wrote: Either under edit-key or directly from the command line? I've tried edit-key, key N, fpr but it still showed the primary key's fingerprint. $ gpg --fingerprint --fingerprint {keyid} -- ...atom __

Re: gpg over ssh...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 this seems to work for me: $ ssh [EMAIL PROTECTED] 'cat file1' | gpg | ssh [EMAIL PROTECTED] 'cat - > file2' note the quotes. it reads an encrypted file (file1) from the server, decrypts it locally and writes the decrypted data back to a file

Re: gpg over ssh...

On Mon, 21 Mar 2005, Gerhard Siegesmund wrote: Almost. :-) But this is the other way round. I want to call gpg from the other server to decrypt something. I have the feeling, that it is not possible to send something for decryption to another server. This would have been a great feature. Imagine

Re: signature level

On Mon, 21 Mar 2005, Janusz A. Urbanowicz wrote: How is signature level specification done in 1.4+? --ask-cert-level previously this was on by default. apparently it caused too much confusion, so now you have to specify it if you want it. -- ...atom _

Re: signature level

On Wed, 23 Mar 2005, Marcus Frings wrote: --ask-cert-level previously this was on by default. apparently it caused too much confusion, so now you have to specify it if you want it. I wish the old behaviour would still be the default. me too... but you can add "ask-cert-level" to

Re: Encrypt with public key from stdin/file possible?

On Wed, 13 Apr 2005, David Shaw wrote: >On Wed, Apr 13, 2005 at 02:19:04PM +0200, Sargon wrote: >> I have a public key of a recipient in ASCII or binary form and would >> like to feed gpg w/o importing it first in its public keyring and >> afterwards specify the ID of the public key. According to

Re: Retrieving signature from message that was encrypted and signed in one step

On Mon, 18 Apr 2005, Patrick Chkoreff wrote: I have a message that was encrypted and signed in one step. When I decrypt it, I can read the message and see that the signature is valid. So far so good. I would now like to relay this message to a third party so he can verify the signature too. B

Re: Apache/PHP - 'loading shared library error'???

On Tue, 26 Apr 2005, brett wrote: I'm trying to get gpg to run from PHP and have run into a problem i can't solve. I can use proc_open() to execute other commands, but not gpg. == try this - http://business-php.com/opensource/gpg_encrypt/ -- ...atom __

Re: Difference "gpg --armor --store" Vs. "gpg --enarmor"

On Sun, 15 May 2005, David Shaw wrote: On Sun, May 15, 2005 at 12:43:38PM -0700, David wrote: Hi List, What is the difference between "gpg --armor --store" and "gpg --enarmor"? --armor --store creates an armored OpenPGP message: a "literal message", which is unencrypted and unsigned. --enarmor a

Re: 2 noob problems

On Fri, 20 May 2005, Neil Williams wrote: Why is a new signature (of either type) more important than an old one? = in many respects, a new self-sig is meant to replace and supersede an older self-sig, not augment it. although it can be argued that old self-sigs serve a h

Re: Max compression

On Tue, 24 May 2005, Per Tunedal Casual wrote: what are the maximum values for compression for zip, zlib and bzip2? The default is 6 for zlib according to the manpage. I would like to set a somewhat higher compression with: --compress-level == the range is 1-9. 1 is the fastest,

Re: Minnesota court takes dim view of encryption

On Thu, 26 May 2005, Erpo wrote: Cryptographic capabilities must be integrated into every popular OS and application in such a way as to make it automatic and easy to encrypt everything, no matter how mundane, from IMs to downloaded device drivers. Once everyone is doing it, the people who rea

Re: Filesystem Encrytion with GnuPG ?!

speaking of encrypted file-systems, does anyone know what happened to rubberhose.org? -- ...atom _ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 -

Re: Choice of Algorithm

On Fri, 27 May 2005, Erpo wrote: On Thu, 2005-05-26 at 20:12 +0200, Youssef Aoun wrote: Since ElGamal is able to make signatures and encryption... why do we have other alternatives? Does it help to have multiple key?? It helps to have multiple algorithms in that there is a backup if one of t

Re: Choice of Algorithm

On Mon, 30 May 2005, Werner Koch wrote: On Fri, 27 May 2005 10:53:04 -0400 (EDT), Atom Smasher said: DSA being "The Standard" i don't think it's any more standard than RSA, although it is more common. DSS (DSA+SHA1) is the FIPS standard for digital signatures.

OEM key loggers

does anyone know if this is true? http://www.chromance.de/wtf/lol.htm if it is... -- ...atom _ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 -

Re: I have the public key, but not the private...

On Wed, 27 Jul 2005, Travis C Newman wrote: I had reinstalled a while ago, and forgot to backup my gpg files. I have retrieved my public key from MIT's keyserver, but I don't have the private key, so I can't sign anything. Help? == um... no. without the private key, you're beat. t

Re: Entropy in ascii-armored output?

check out . something like: $ head -4 /dev/urandom | gpg --enarmor will produce much better "random" output than encrypted output. encrypted output can be filled with information that is not at all random, such as partial body length headers. of course, base64 i

Re: legal status of GnuPG in China?

On Wed, 24 Aug 2005, Anonymous Sender wrote: Does anyone know the legal status of GnuPG in China? == IANAL, but it seems that GnuPG/PGP would require a license for use. i would think that it would be easier to get a license (if any are actually issued) if the stated use was signi

legally binding digital sigs

does anyone know what makes a digital signature legally binding (or not) under US law? thanks... -- ...atom _ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ---

Re: Forging fingerprints/KeyID?

On Mon, 28 Nov 2005, David Shaw wrote: On Tue, Nov 29, 2005 at 05:36:38AM +0100, Christoph Anton Mitterer wrote: Ah,.. tanks :-) So it sould be completely enough to verify Name/eMail and the Fingerprint when signing another key,... and I don't have to compare creation date/keysize/algorithm/etc

Re: PK-Encrypt-only

On Wed, 30 Nov 2005, Kurt Fitzner wrote: I am contemplating a change to my GnuPG Explorer Extension, but I need some background information. I know that encrypting a file without signing it is commonly done with symmetrical encryption. My question is, do people commonly use GnuPG to encrypt

Re: Create key's over 4096 bit ????

On Wed, 21 Dec 2005, Aleksandar Milivojevic wrote: From the security standpoint, more bits do not buy you more security. Having 16k key or 2k key will buy you about the same security. It is not all in the key lenght. My opinion is, just use 2k key. It will serve you well. I generated one 4

Re: Create key's over 4096 bit ????

On Thu, 22 Dec 2005, Ludwig Hügelschäfer wrote: That's true. Even considering a brute force attack, 1025 bits is in average only sqrt(2) better as 1024 bits. === so, does that mean that a 2048 bit asymmetric key is (only) this many times stronger than a 1024 bit key(?): 13407807

Re: Create key's over 4096 bit ????

On Fri, 23 Dec 2005, Johan Wevers wrote: Werner Koch wrote: Talking about 4k keys is in this respect useless - unless you have very special requirements and can neglect the above points. However, with such requirements you will also have the staff and money to take proper decisions and impl

Re: Create key's over 4096 bit ????

On Tue, 27 Dec 2005, Eric wrote: On Fri, 2005-12-23 at 18:11 +0100, Johan Wevers wrote: Atom Smasher wrote: i think they're more likely to use carrier pigeons than pgp. I've read that in Afghanistan they use couriers by horse who memorise the message. That makes it p

hard-copy backups

has anyone given any thought to what would be the difference between carefully and carelessly making hard-copy backups of secret keys? i mean, it would be stupid to print a copy of ones secret key (with a weak passphrase) and leave it lying on a table next to a window. OTOH, a printed copy of

Re: hard-copy backups

On Thu, 5 Jan 2006, Janusz A. Urbanowicz wrote: from my experience, all keys for long-term, _safe storage_ (and after revocation) should be kept with no passphases at all human memory is very volatile and some day you gonna need to decrypt an old email encrypted with the key you revoked in 19

Re: hard-copy backups

On Thu, 5 Jan 2006, Samuel ]slund wrote: In Sweden people with weapon licenses are required to either keep their weapons locked up in a safe that is non-trivial to move or store them with the "vital part" and ammunition removed and hidden in different places. Might be applicable? ==

key signing article in 2600

the current issue of 2600 (winter 05/06) has an article i wrote, titled "pgp Key Signing Observations - Overlooked Social and Technical Considerations". it should be of interest to many on this list. -- ...atom _ PGP key - http://atom.smasher

Re: gpg on cron task

On Sat, 4 Feb 2006, enediel gonzalez wrote: === why are you using php for a cron job? signing or decrypting non-interactively requires that you either have a key without a passphrase, or a passphrase stored in a file. neither of these are secure. tell us a little more about wh

bad keysigning by Geotrust

this is what happens when someone signs a key that shouldn't be signed. it's based on an x.509 (hierarchical) trust model, not a pgp (distributed) trust model, but the consequences are the same: a certification signature that should not have been issued was issued. this is basically "mallory" c

Re: Problem removing a public key whose private key is gone

On Tue, 7 Mar 2006, Jeremiah Foster wrote: I overwrote the partition upon which my private key was stored. To confuse matters I generated a new secret / public key pair on the same machine and even imported my old public key, thinking, rather foolishly, that I might somehow be able to restore

Re: Problem removing a public key whose private key is gone

On Mon, 13 Mar 2006, Neil Williams wrote: Werner et al. : Maybe it's time that --send-key checks if the key to be sent has a secret key in the secret keyring and if it does, prompts the user about a revocation certificate BEFORE allowing the key to be sent? == how many noobs

Re: Corrupting files

On Mon, 12 Jun 2006, Tom Thekathyil wrote: A wishes to send message to B. A encrypts message using B's key. Opens encrypted message and corrupts the file by altering one or more characters/adding redundant lines of code, e.g. changes case of first occurrence of 'T' in the code. Saves file an

Re: Keysigning challenge policies/procedures

On Thu, 6 Jul 2006, Todd Zullinger wrote: I was wondering if some folks here have detailed their challenge policies and procedures and if you'd mind sharing them if you have? Even handier would be some scripts to help in the automation of this task. ;) == pgp Key Signing

Re: Driving licence as identification and accepting signed keys without exchanging encrypted data

On Mon, 24 Jul 2006, Tony Whitmore wrote: I'm still working on getting my card reader to work, but in the meantime, I have a couple of questions regarding key-signing ettiquette following a session at LUG Radio Live last weekend. I hope the questions are not OT, I've checked the HOWTOs & FAQs,

Re: Driving licence as identification and accepting signed keys without exchanging encrypted data

On Mon, 24 Jul 2006, David Shaw wrote: Note that there is a difference between what page at http://www.hantslug.org.uk/cgi-bin/wiki.pl?LinuxHints/KeySigning says and what you say above. The page (correctly) notes that all that is necessary is that the person *sign* the challenge before sendin

Re: Driving licence as identification and accepting signed keys without exchanging encrypted data

On Tue, 25 Jul 2006, Tony Whitmore wrote: Thanks Atom, that article was linked to from the thread suggested yesterday. It covers some interesting etiquette points, and certainly doesn't mention using a encrypted block of random data to further verify identity: "If required, they may take thi

Re: 'sensitive' designated revoker -- are the keyservers still aware?

On Thu, 1 Feb 2007, [EMAIL PROTECTED] wrote: > why must the identity be revealed at all, if the key-owner who > designated the revoker doesn't want it to be? > > it doesn't add to the security to know who revoked it, (whoever it as, > it was someone the 'key-owner' decided it should be) it only

Re: RSA 1024 ridiculous

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, 17 Jun 2007, Remco Post wrote: > Does gnupg support elliptic curve crypto? ;-) == if you're paranoid about RSA, then there's no reason to go to ECC since the math behind it is still young and uncertain. while a 1024 bit

Re: RSA 1024 ridiculous

On Sun, 17 Jun 2007, Andrew Berg wrote: > Try signing/encrypting files that are tens, hundreds, or thousands of > megabytes in size. Sure, your average machine can sign/encrypt messages > that don't even fill a cluster without breaking a sweat, but if the > sensitive data is large, RSA-4096 isn

Re: RSA 1024 ridiculous / RSA 8192 sublime, and, possible with gnupg.

On Sun, 17 Jun 2007, David Shaw wrote: > The defaults in GnuPG are chosen to be basically sane for the > overwhelming majority of users. People who are recompiling GnuPG need > to understand the implications of the change they are making and be > aware they're throwing away that safety net. ==

Re: RSA 4096 ridiculous?

On Wed, 20 Jun 2007, Werner Koch wrote: > That is true for your desktop box. However, for small devices like PDAs > a 4k RSA key is a lot of work. The problem might not be the generation > or verification of a single signature but some of use have hundreds of > signatures on their key and che

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Sun, 28 Oct 2007, Nicolas Pillot wrote: > You might call me paranoid, but i just did so to avoid the potential > trouble some people were having on the forum. = seems like reasonable things to do... > I mounted it, read-only, or, well tried to mount it. After a big > *s

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Sun, 28 Oct 2007, Sven Radde wrote: > Atom Smasher schrieb: > >> in theory, if you're *really* using a strong pass-phrase, you can >> publish your private key in a public place and rest secure in the >> knowledge that no known technology can break your 100+ cha

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Sun, 28 Oct 2007, Robert J. Hansen wrote: > Ack! Ack! One time pads! Ack! > > I really, really wish the Vernam cipher was either lesser known or > better known. If it was lesser known, fewer people would advise ever > using it. If it was better known, more people would understand its >

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Sun, 28 Oct 2007, Atom Smasher wrote: responding to self... > even with a reasonably strong pass-phrase i wouldn't want to walk around > with my secret key on a flash-drive with my physical keys, but hidden in > a JPG of family/friends/pets it would be easily overlo

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Sun, 28 Oct 2007, Robert J. Hansen wrote: > If you are comfortable with the NSA and/or GCHQ wondering why you've got > AES-encrypted data hidden in a JPEG that's floating around the internet, > then go ahead with this. = i wouldn't be any more concerned than i am now, with non-hi

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Sun, 28 Oct 2007, Robert J. Hansen wrote: > Atom Smasher wrote: >> i wouldn't generally advocate a vernam cipher for encrypting messages, >> but i think it is the best real-world-practical way to do secret >> sharing (at least until someone builds an application tha

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Sun, 28 Oct 2007, Robert J. Hansen wrote: > At this point it's abundantly clear to me that you've never learned how > Shamir's scheme works. I don't know how to make a case for Shamir's > scheme to someone who doesn't care how it works, only that their > prejudice is that it's bad. > > So f

Re: A note to Atom Smasher [WAS: Subkey DSA signature changes...]

On Tue, 30 Oct 2007, YYZ wrote: > Going through the list archives, I came across a few of your postings > that seem to indicate that you have more insight into the way subkey > self-signatures are generated than what I can gather from the RFC. > Arguably, it's one of the most confusing sections

Re: Key safety vs Backup : History of a bad day (key-restoration problem)

On Thu, 1 Nov 2007, David Shaw wrote: > Does anyone see a good use case (aside from the cool-trick factor) to > using secret sharing in paperkey? 1) weak passphrase on the key 2) no passphrase on the key #2 may be more useful than it seems, if a key is very rarely used and the

Re: Signing people with only one form of ID?

On Wed, 27 Feb 2008, Robert J. Hansen wrote: Compare that to a passport. You might already have a passport. Even if you don't, it's pretty easy to find out what a passport looks like, what sort of paper is used in it, what security features are present. == ever seen a turkis

Re: Recovering Encrypted Zip

i haven't downloaded the file, but lemme guess... you encrypted a zip file with gpg? then you lost access to the secret key? game over. you lose. to put it in perspective - http://www.schneier.com/blog/archives/2008/06/kaspersky_labs.html http://en.wikipedia.org/wiki/RSA_Factoring_Challenge

Re: Securely delete files...

On Wed, 20 Aug 2008, Bhushan Jain wrote: I wanted to know how could the file be deleted securely using PGP? = you wouldn't use a hammer to put in screws, would you? there are tools for deleting files, but gpg isn't in the list. start with this one - http://en.wikipedia.org/wi

Re: Securely delete files...

this might be a better link if you're looking for a tool - http://en.wikipedia.org/wiki/Gutmann_method#Software_implementations -- ...atom http://atom.smasher.org/ 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ---

Re: Securely delete files...

On Wed, 20 Aug 2008, Chris Walters wrote: I hate to tell you this, but the F.B.I. Computer Forensics Laboratory has successfully recovered data from a drive, where the platters were shot multiple times with a shotgun. == that wouldn't surprise me, but is there a reference for it?

Re: Securely delete files...

On Wed, 20 Aug 2008, Michel Messerschmidt wrote: There is also the possibility to use encryption for *all* data on a harddisk. If the key is stored somewhere else (e.g. in your mind or on another disk), this may prevent data recovery on a similar level. === encrypted disks, and so

Re: Securely delete files...

On Wed, 20 Aug 2008, Robert J. Hansen wrote: ObWarning: many of the techniques we've discussed for destroying hard drives are really quite dangerous. Thermite is _not_ a friendly chemical. Neither is sulfuric acid. Even an approach as low-tech as hammering the platters into oblivion can be

Re: Securely delete files...

On Wed, 20 Aug 2008, Robert J. Hansen wrote: Faramir wrote: lets say I just want to avoid recovery software like "get data back" being able to recover a file. Is there a reliable way to do it without going to "extreme" solutions? No. == i'll play the other side... depending on

Re: Securely delete files...

On Thu, 21 Aug 2008, Faramir wrote: That's is what I am no longer sure I can do, I mean, it seems I can tell the disk "overwrite that file", and the disk can write somewhere else, not over the sectors containing the file I want to "destroy" (at least, that is what I have understood from this

Re: Securely delete files...

On Fri, 22 Aug 2008, David Shaw wrote: OS X is an interesting case. The standard filesystem, as you note, is HFS+ with journaling. Usually this is a danger sign for shredding as the shred process doesn't know all the information it needs to do a proper shredding job. However, Apple has shre