Re: gpg > addphoto
Hi Stefan. Am Donnerstag, den 10.01.2019, 19:33 +0100 schrieb Stefan Claas: > On Thu, 10 Jan 2019 18:38:36 +0100, > dirk.gottschalk1...@googlemail.com wrote: > Hi Dirk, > > Am Donnerstag, den 10.01.2019, 16:23 +0100 schrieb Stefan Claas: > > And this prevents also prevents an unintended DoS which means a > > very big key by mistake. It's okay to allow the generation of > > everything a user wants, especially in open source software where > > everybody can change the values. A hard limit would make no sense > > at all. > Just wondering, have you ever used other (more modern) open source > crypto software, which have hard limits and still get's the job done? Yes, there sure is, but, as long as the tool is open source and anybody who wants to change the limit to his own, such limits are useless. Regarding to this, the Parameter is applied to avoid reading larger Packets than 16M for importing and so on, on the client side. So, if a 'bad guy' alters his version of GPG in a way to create such abusive keys, the other users with an unaltered version should not get into trouble with such a key. Okay, it's quite possible to set this read limit down to, let's say, 8M, but I think 16M is a good limit to avoid hanging and other side effects with a way to large key. Regards, Dirk -- Dirk Gottschalk Paulusstrasse 6-8 52064 Aachen, Germany GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838 Keybase.io: https://keybase.io/dgottschalk GitHub: https://github.com/Dirk1980ac ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg > addphoto
On Wed, 09 Jan 2019 23:40:02 -0900 justina colmena via Gnupg-users writes, and having writ moves on: >It's a peculiar problem with which law enforcement is of little or no >assistance. There's a gun and a badge and a gang of dicks with >flashlights all over town, and a heavy-breathing warrant to bust your >door in on that stuff. Neither the law enforcement credentials nor the >color of law excuse the base human desire of cops to indulge their own >flesh. > I think you are responding to your own view of the world here and not to the tread or anything pertaining to GNUPG. I for one would appreciate it if such vitriol as this is left in a more appropriate venue than this mailing list. Choosing such a venue is left as an exercise for the reader. Mike Yetto -- "It's the job that's never started as takes longest to finish." - Samwise Gamgee ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg > addphoto
On Wed, 9 Jan 2019 18:06:52 +0100, Stefan Claas wrote: > O.k. i did a quick check on github for proper tools and found this > very interesting tool, written in Golang. > > https://github.com/umahmood/steg Just had the time to test this very nice little tool with GnuPG. I prepared an image 800x571 pixels 72dpi and embedded an mp3 message, created with the macOS say command. Everything works as expected. One only needs to use then: gpg --list-keys --list-options show-photo 359A1872F120F7E7 so that preview from macOS displays the image for saving (with standard settings). Very nice and easy workflow and the resulting key is only 61KB in size. If someone like to look at the key: https://pgp.circl.lu/pks/lookup?op=get=0x359A1872F120F7E7 Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg > addphoto
On January 8, 2019 11:23:40 AM AKST, dirk1980ac via Gnupg-users wrote: >Hello. > >Am Dienstag, den 08.01.2019, 20:16 +0100 schrieb Stefan Claas: > >> Yes, agreed! However, as it currently is there is no need for bad >> actors because people have plenty of image space in a key. > >Uh, I think you have found a new place where the guys can hide their >porn collections so there wifes don't find it. > >Sorry, could not resist. > >Regards, >Dirk It's a peculiar problem with which law enforcement is of little or no assistance. There's a gun and a badge and a gang of dicks with flashlights all over town, and a heavy-breathing warrant to bust your door in on that stuff. Neither the law enforcement credentials nor the color of law excuse the base human desire of cops to indulge their own flesh. A related problem is "image phreaking." People make a game of digitally altering images and obscuring their source. Others make a game of deobfuscating the images and tracking them down. There is a very close-knit community of this sort of thing among disreputable hangers-on to Interpol, Europol, US FBI, Russian FSB, etc. Several times I have been forced to permanently dissociate myself from all images and photos ever to have been associated with me, whether photos I have taken myself or which were found on my computer. Those people were hunting me, and they were led astray by their false assumptions, because *I* usually assume when foreign cops are hunting me that they are hunting to kill, and not to bring criminal or civil charges in court. Wherever there is a photo or image of any sort, cops as well as a certain low-class security apparatchik always _assume_ an unhealthy obsession or morbid desire to memorialize something or someone. I mean, if you're not a professional photographer, you are _assumed_ to be trespassing on their intellectual property in some way or another, however they can twist it around in court to make it appear so. It's all part and parcel of the artsy-fartsy red-light district with the FBI warnings on all the Hollywood movies, actresses accusing male fans of stalking, etc. So digital photos and images become a cop-calling feminists' emotional space where men in general and less privileged women are prohibited by law, but professional necktied gentlemen are perfectly welcome. -- Una Milicia bien regulada, estando necesaria a la seguridad de un Estado libre, el derecho del pueblo de tener y de portar Armas, no serĂ¡ infringido. https://www.colmena.biz/~justina/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
