Re: Some people say longer keys are silly. I think they should be supported by gpg.
Hi On Wednesday 30 May 2012 at 10:30:56 PM, in mid:4fc69190.5000...@sixdemonbag.org, Robert J. Hansen wrote: And if the planting *is* coordinated, why in the world would you ever need a 1 in 6 penetration rate? Whilst it would be *possible* for the various different departments and agencies mentioned by the OP to coordinate their efforts, that seemed so far-fetched to me as to not merit consideration. -- Best regards MFPAmailto:expires2...@rocketmail.com No man ever listened himself out of a job ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
Hi On Monday 28 May 2012 at 3:12:24 AM, in mid:4fc2df08.4020...@sixdemonbag.org, Robert J. Hansen wrote: The problem isn't the fraction of the population. The problem is command and control. That will always be a problem if the planting is uncoordinated. As a thought experiment, what happens when all the real protesters have gone on to something else and plants from various agencies make up 100%? -- Best regards MFPAmailto:expires2...@rocketmail.com When it comes to humility, I'm the greatest. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 05/30/2012 04:14 PM, MFPA wrote: That will always be a problem if the planting is uncoordinated. And if the planting *is* coordinated, why in the world would you ever need a 1 in 6 penetration rate? I'm sorry, but this is rapidly descending down the rabbit-hole of conspiracy theory -- where every plea for sanity and rationality is met by an expansion of the conspiracy theory in order to explain why sanity and rationality don't work in this particular case. The world is not _The Illuminatus! Trilogy_. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
MFPA wrote: Hi On Monday 28 May 2012 at 3:12:24 AM, in mid:4fc2df08.4020...@sixdemonbag.org, Robert J. Hansen wrote: The problem isn't the fraction of the population. The problem is command and control. That will always be a problem if the planting is uncoordinated. As a thought experiment, what happens when all the real protesters have gone on to something else and plants from various agencies make up 100%? My mother once told me that it was easy in the late 1930s and 1940s for Communist Party members to identify the FBI informants. The informants were the only ones who paid their dues. Real communists could not afford it. -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 17:40:01 up 1 day, 2:00, 4 users, load average: 1.26, 1.36, 1.35 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Wednesday 30 of May 2012 21:14:42 MFPA wrote: Hi On Monday 28 May 2012 at 3:12:24 AM, in mid:4fc2df08.4020...@sixdemonbag.org, Robert J. Hansen wrote: The problem isn't the fraction of the population. The problem is command and control. That will always be a problem if the planting is uncoordinated. As a thought experiment, what happens when all the real protesters have gone on to something else and plants from various agencies make up 100%? Ahh, the Memoirs Found in a Bathtub! Well written book, quite captivating. -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 22 May 2012 09:58, tim.kac...@gmail.com wrote:
I think it should be okay to dredge up this topic ever couple years. From
what I am reading, links below, I do not feel comfortable with the key
length and algorithmic security offered by GPG's defaults.
Use this patch to increase the maximum keysize in gpg2 to 8192 when using
the --expert option - intended for v2.0.17 but should be good for later
versions too.
--- g10/keygen.c2011-01-15 16:32:30.0 +
+++ g10/keygen.c2011-01-15 16:32:42.0 +
@@ -1774,7 +1774,7 @@
static unsigned
ask_keysize (int algo, unsigned int primary_keysize)
{
- unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
+ unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=8192;
int for_subkey = !!primary_keysize;
int autocomp = 0;
*--expert*
Allow the user to do certain nonsensical or silly things like signing an
expired or revoked key, or certain potentially incompatible things like
generating unusual key types. This also disables certain warning messages
about potentially incompatible actions. As the name implies, this option is
for experts only. If you don't fully understand the implications of what it
allows you to do, leave this off. --no-expert disables this option.
It's generally accepted that a big key is a silly thing so seems perfect
for inclusion in the expert option.
Ben
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Mon, May 28, 2012 at 12:27 PM, Benjamin Donnachie
benja...@py-soft.co.uk wrote:
On 22 May 2012 09:58, tim.kac...@gmail.com wrote:
I think it should be okay to dredge up this topic ever couple years. From
what I am reading, links below, I do not feel comfortable with the key
length and algorithmic security offered by GPG's defaults.
Use this patch to increase the maximum keysize in gpg2 to 8192 when using
the --expert option - intended for v2.0.17 but should be good for later
versions too.
If you're going to add it to the --expert option it almost seems silly
to restrict it to 8192. Might as well pick an arbitrarily large number
since the point is to account for silly and/or experimental use
cases anyways.
2^32 should more than cover it (while we're being silly)
I read a paper a while back discussing key size in which they
generated extremely large keys on large clusters for some reason...
I'll have to see if I can dig it out.
—Sam
--- g10/keygen.c 2011-01-15 16:32:30.0 +
+++ g10/keygen.c 2011-01-15 16:32:42.0 +
@@ -1774,7 +1774,7 @@
static unsigned
ask_keysize (int algo, unsigned int primary_keysize)
{
- unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=4096;
+ unsigned int nbits, min, def = DEFAULT_STD_KEYSIZE, max=8192;
int for_subkey = !!primary_keysize;
int autocomp = 0;
--expert
Allow the user to do certain nonsensical or silly things like signing an
expired or revoked key, or certain potentially incompatible things like
generating unusual key types. This also disables certain warning messages
about potentially incompatible actions. As the name implies, this option is
for experts only. If you don't fully understand the implications of what it
allows you to do, leave this off. --no-expert disables this option.
It's generally accepted that a big key is a silly thing so seems perfect
for inclusion in the expert option.
Ben
--
Sam Whited
pub 4096R/EC2C9934
SamWhited.com
s...@samwhited.com
404.492.6008
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 22 May 2012 at 6:10:05 PM, in mid:4fbbc86d.30...@sixdemonbag.org, Robert J. Hansen wrote: Not even Nicolai Ceaucescu's Romania or Erich Honecker's German Democratic Republic were able to get one in six people to serve as informers. Planted informers numbering 1 in 6 of the protesters would still be a statistically negligible percentage of the population at large. - -- Best regards MFPAmailto:expires2...@rocketmail.com Never interrupt me when I'm trying to interrupt you. -BEGIN PGP SIGNATURE- iQCVAwUBT8Ko+qipC46tDG5pAQq4VwQAwKtRlBkhlH50FC3Qx/dp6Qv4mAh3+bjb xepFNDP3enfgt60RDCarrAqoi0HbZgeyk/zayLxbdLdRkE1u+3TPbkKLmX1iIJLF 9RkvTD0gtG8ExPou6HbHGZEKXbMjf7Tm+S0QVjHOMP5KxSFp0bpPcK8GM2hX65I/ ictKd01Eb2w= =uOM8 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 5/27/12 6:21 PM, MFPA wrote: Planted informers numbering 1 in 6 of the protesters would still be a statistically negligible percentage of the population at large. That's actually not the problem. The problem is that if 1 in 6 people is a plant, then you're going to have endless amounts of embarrassing blue-on-blue -- one plant decides to do X to prove to his handlers that he can Get Things Done(tm) and is worth the money he's getting paid, and one plant, upon hearing that oh my God, this guy is planning on doing X!, does everything possible to block X in order to prove to *his* handlers that he's preventing major incidents and is worth the money he's getting paid. The problem isn't the fraction of the population. The problem is command and control. -BEGIN PGP SIGNATURE- iFYEAREIAAYFAk/C3wgACgkQI4Br5da5jhDmeQDgvcd0Sk0jvTFUqpY/o3dRCQWc 5CkyxhKJj30dFwDeJWwhWPxiMSPh2pk/hBJme6duMcRWi6J8QmrVsA== =W90A -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 19:40, Robert J. Hansen wrote: On 5/22/12 2:26 PM, Hauke Laging wrote: Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? I think so, yes. The question is who's going to write it? I suspect Werner doesn't have the time. If he wants, I would be happy to take a stab at writing it. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users A good idea Robert! David - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvKNjAAoJEOJpqm7flRExCLwH/RkpUwsTVZhXog8abFgosJqe th4H1d3yejkbO1fxytyxwufQEZmzruz4SPpoWT2TcZ71SmznoSWXqWm5rQ53K1sD WoRvGdutOiVRTghR1wS3bvsR+BcH2lUXQqvWqqiu0WYkEvKierEpR+rw+p5vrEsS P2CQ8GqKDwNeipZn+7zcx5ZE2jykSk/Yzc47ptEv9PrKuIA4R7Gs8FqZ3Hbr4gCM wWPz+YmjIlvl3YSncMOOWnMbFD2HqJhVB6kQN/9rGVUy3H09aqhbQSYFUwwns/tE 1AnrZ8VytiMJGUGt8il0KWZtTtHkqs1Rzn6nOrtHo2agxb0ELpECXDqFTnI1fLs= =yP71 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Some people say longer keys are silly. I think they should be supported by gpg.
I think it should be okay to dredge up this topic ever couple years. From what I am reading, links below, I do not feel comfortable with the key length and algorithmic security offered by GPG's defaults. I have not been able to figure out how to get keylengths greater than 3072 for DSA/elgmal or 4094 rsa, so I conclude that generating them is unsupported by GPG although GPG can use them. I have seen many people saying that these types of key lengths are way more than anyone could reasonably need, but I am skeptical. I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it were known it is but that's another story) and frankly we aren't just up against one intelligence agency, but all intel agencies put together. An entire global class of people. You can argue that they may be uninterested in me, however I don't buy that argument at all because they have spent (possibly a lot) more than a thousand dollars at least on me personally at this point I am sure in policing costs to try to survielle and intimidate me, after you divide down. The eviction alone at my occupy cost (probably greatly) in excess of $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours. There are also estimates made that in the US 1 in 6 protestors is actually a government agent of one sort or another, dept of defense, homeland security, fbi what have you. And that exludes any thugs the bankers put in the crowd as privately hired types. Secondly I want my communications to remain unread into the relatively distant future. Given the sort of crap the 1% do wrt murdering and maiming vast quantites of people for a couple extra bucks I would not be the least bit surprised if 20 years from now they dissapeared me because I passed our some pamphlets that said end class war now. An enemy is an enemy, and enemies must be smooshed, right? Why take risks like letting an innocent person live if they might concievable scratch your gravy train at some point in the future? Abductions and bullets aren't that expensive once you got everything all set up, it's a good investement. I'm 23 now and I take various modest precautions to ensure that I have the best chance I can to remain in good health when I am 43. Or 63. A couple hundred extra milliseconds of decryption/encryption time per message for a key longer than 3072 or 4092 sounds like a good choice frankly. Is that not what we are looking at? And yes I recognize that it would be a lot easier for them to plant spyware on my computers than break the keys, however they can't plant spyware on everone's computer. without people noticing They do slurp up and probably store indefinitely all text -and many other- communications on the internet (carnivore etc.). In the future, data they don't have they can't use. There is always a substantial probability that they will not get my keys with spyware, and I would like capitalize (If you'll pardon me) on that. Fourthly a little safety margin never hurt. I think it should be easier to pick longer keys. Also info should be included in the compendium regarding practical aspects of key choice, like a table that shows how long it takes to encrypt a symmetric key with 2048, 4092 etc. Or event just a table in which you select your adversary, then your time horizon, and it tells you what key lengths are suitable, with due warnings and notes regarding the possibility of quantum computers, mathematical advances etc. I understand that no matter how long the keys are it's still only a relatively small part of the equation. However I thought it was the norm to pick something that basically eliminated concern about the encryption being broken, so one could forget about that part and focus on the rest.of your security worries. My trust in GPG has been disturbed by this state of affairs. I thought I could just trust the defaults but I am finding that they may not really include the safety margin that people desire. I shudder to think of people who are doing more serious stuff in the class war than little ol' me (which isn't hard). Links: http://en.wikipedia.org/wiki/RSA_%28algorithm%29 -http://www.schneier.com/essay-368.html note that this was written in 1998 http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes it clear that it is not unreasonable for someone in my position to choose a 4096 bit key. http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit RSA or elGamal key is about equivalent to 128 bit symmetric key, right? And a 256 bit key length equivalent public key is abut 15,387 bits.. I think if people want to use the same level of encryption for their data that the government uses shouldn't that be supported at least in command line mode? http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies in
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, 22 May 2012 04:58:48 -0400
tim.kac...@gmail.com articulated:
{snip}
sarcasm
Interesting! I once worked for a secret government agency. We had a
working theory that anyone using encryption for other than normal
business operations was an obvious enemy of the state. I guess we must
have missed you. We will be coming soon.
/sarcasm
Seriously, have you forgotten to take your meds today?
--
Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
if all you have is a hammer, everything looks like a nail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 5/22/12 8:12 AM, Jerry wrote: Seriously, have you forgotten to take your meds today? Let's not be mean. I will be the absolute first person demanding the right to criticize ideas as harshly as I want. I'll happily call an idea stupid, ill-informed, wrong, or anything else. I do this with a clear conscience because I know that I'm not my ideas, just like nobody else is theirs. But I don't ever want to the the first person to be calling *people* those things. People are special, precious, and often fragile. Our community is made up of these rare commodities, and it behooves us to treat other people with dignity and respect and consideration. Let's not be mean. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 22/05/12 13:12, Jerry wrote:
On Tue, 22 May 2012 04:58:48 -0400 tim.kac...@gmail.com articulated:
{snip}
sarcasm
Interesting! I once worked for a secret government agency. We had a working
theory that
anyone using encryption for other than normal business operations was an
obvious enemy
of the state. I guess we must have missed you. We will be coming soon.
/sarcasm
Seriously, have you forgotten to take your meds today?
Knock! Knock!
I think that here in the UK the intelligence services have always considered
that the real
enemy of the state was the people!
I take a dispersible Aspirin every day - keeps the spooks away! Ha!
David
- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of
the
kind.Stern, sane,every brain-cell perfect and complete even at the moment of
death. No
delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPu5ZMAAoJEOJpqm7flRExQbQH/RpzFyB5fZ4wWvds+L09MHfS
0mnw+8PNfIXEOczswWGRkzMmbHcqTfhH2k669VppcQx1UXCYcJseTquRArlcxVl/
Et/I8cBIJu0TnkDvJmbzEacJAJpM6LRSqfZtjzIS4BTFnaJCsrNg1Z+mXAH0qaNT
6oL1VTOUTVsQuLytNeZSUCTppIlt6UtSB38c3HqxOZufJmH2GQK7bzYUnbPbvODo
mLJ/psupfAEBmk81wAinIe0JxX2d+enVGYsZyOk0cvCLe2JY+4JBpMJx2Iydhv+N
Zc4ee4kkbTvMHjEBxHQ6UcK+A2c515F/xmmaBgo8/fUw1VOTYuG3Wd8BbLp9JjY=
=xXwi
-END PGP SIGNATURE-
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 5/22/12 4:58 AM, tim.kac...@gmail.com wrote: I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it were known it is but that's another story) and frankly we aren't just up against one intelligence agency, but all intel agencies put together. You might want to re-think talking about this in a public forum. This mailing list is open to everyone, including the very people you're talking about. The first rule of good operational security is, don't draw attention to yourself or your organization. Secondly I want my communications to remain unread into the relatively distant future. A 3072-bit key will do that today. Breaking a 3K key would require such technological advances that it would be indistinguishable from science fiction. There's no point in going past a 3K key because if a 3K key were to ever fall we'd have to reconsider the mathematical foundations of cryptography. I'm 23 now and I take various modest precautions to ensure that I have the best chance I can to remain in good health when I am 43. Or 63. A couple hundred extra milliseconds of decryption/encryption time per message for a key longer than 3072 or 4092 sounds like a good choice frankly. Is that not what we are looking at? No, it's not. Imagine an automobile. You might say, well, I'd like an additional hundred horsepower so I want to put a V-8 engine in my automobile: why doesn't my automobile support this? But if your car is a Fiat 500, well, there's simply not the room for such a large engine, nor is the transmission or powertrain ready for that. For that matter, even the wheels would have to be redesigned: sustained high-speed driving on your average Goodyears will cause them to delaminate and come apart, so you'd need H-rated sport wheels or Pirelli PZero Neros. Changing one component requires changes to a lot of other components. That's what we're facing with changing the maximum key length. The mobile experience would be impacted, the embedded market would be impacted, and even interoperability with other OpenPGP applications would be impacted (since as far as I know none of them save for PGP 6.5.8ckt support such large keys). It's all right to ask for larger keys to be supported, but there are tradeoffs to be made here. Fourthly a little safety margin never hurt. That safety margin is already present. I understand that no matter how long the keys are it's still only a relatively small part of the equation. However I thought it was the norm to pick something that basically eliminated concern about the encryption being broken, so one could forget about that part and focus on the rest.of your security worries. Yes, and 128-bit crypto is plenty sufficient for that. http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government requires 192 or 256-bit AES keys for highly sensitive data. Quoting from that page, 128 bits is currently thought, by many observers, to be sufficient for the foreseeable future. The Wikipedia page is also in error. Per the publicly-available NSA Suite B documents, AES128 is considered sufficient for SECRET data. There is no AES192 requirement in Suite B. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
Hi. This pops up over and over again... From a technical point of view that seems to be not only a intended limitation,... at least it's not enough to change the max size in the code,... there seem to be several buffers one would need to enlarge in order to make bigger keys. Personally I'd prefer if gpg wouldn't have that limitation. I know all the arguments against larger keys which is why I'd suggest to enable larger sizes only when --expert is given and even then warn. Most people will get quickly distracted from large key sizes anyway when they see how long their generation takes ;) Nevertheless I guess it could even help to find awkward bugs or other issues that may not appear with the moderate key sizes. Cheers, Chris. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 22/05/12 15:39, Christoph Anton Mitterer wrote: Nevertheless I guess it could even help to find awkward bugs or other issues that may not appear with the moderate key sizes. Or bugs only affecting large keys are not found because so few people use it, and it becomes an attack vector affecting only those using large keys. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, 22 May 2012 10:58, tim.kac...@gmail.com said: on my computers than break the keys, however they can't plant spyware on everone's computer. without people noticing They do slurp up and Are you sure? Did you looked at the GnuPG code so closely to come up with such a strong statement? I should feel honored that you put that much trust into us GnuPG authors and the few white hats who closely reviewed the code. However there is more to it than GnuPG. Do you put the same trust into the gcc and glibc maintainers, Linux kernel hackers, the Windows hackers at Microsoft and elsewhere, the hardware guys at Intel or AMD, the support chip vendors? There are a lot of ways to compromise a system, hidden backdoors in other systems have already been revealed in the past. 2048, 4092 etc. Or event just a table in which you select your adversary, then your time horizon, and it tells you what key lengths are suitable, with due warnings and notes regarding the possibility of Any such table would to some extend be the result of applying black magic. GnuPG is just a tool and not a cover all security solution. For such a solution you need to come up with a threat analysis, evaluate countermeasures, policies, training, more software, and likely additional hardware (walls, locks, barbed wire). to pick something that basically eliminated concern about the encryption being broken, so one could forget about that part and focus on the rest.of your security worries. Right, we are doing just that. As of now 2048 bit RSA is a pretty good default. Before you use a longer key, my suggestion would be to first install a random generator which holds up with such a key. http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies in computation and cost of public key vs. symmetric. That is pure cryptography and as such good hint on how to select defaults for a general purposes system - but not a absolute truth. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 5/22/12 11:50 AM, Werner Koch wrote: There are a lot of ways to compromise a system, hidden backdoors in other systems have already been revealed in the past. It's worth bringing out Vint Cerf's estimate that between a sixth and a quarter of all desktop PCs have been completely compromised and are under the control of botnet operators [1]. That was from five years ago: the numbers are probably worse today. And that only covers people targeted randomly! For those people unfortunate enough to be targeted for surveillance by an even semi-competent crew, it's far worse. Your front door is no obstacle to someone who's learned how to pick a lock -- or someone smart enough to look around for a fake plastic rock nearby in which you've placed your backup key. I have no doubt whatsoever that a good crew could gain access, enter, compromise the target's PC and be out of there in under five minutes without the target ever knowing about it. So, yes. If anyone is the target of a serious surveillance campaign (legal or extralegal, state actors or non-state actors, whatever), well... you have your work cut out for you defending against that. GnuPG will not save you, not even with a 16K keypair. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, 22 May 2012 09:23:36 -0400 Robert J. Hansen articulated: On 5/22/12 8:12 AM, Jerry wrote: Seriously, have you forgotten to take your meds today? Let's not be mean. I will be the absolute first person demanding the right to criticize ideas as harshly as I want. I'll happily call an idea stupid, ill-informed, wrong, or anything else. I do this with a clear conscience because I know that I'm not my ideas, just like nobody else is theirs. But I don't ever want to the the first person to be calling *people* those things. People are special, precious, and often fragile. Our community is made up of these rare commodities, and it behooves us to treat other people with dignity and respect and consideration. Let's not be mean. Sorry, I did not mean it to sound that way. I have worked with people that when they forget to take their medication are absolutely paranoid beyond belief. You have no doubt heard the phase, Only sick people take drugs; therefore, if I don't take drugs I am not sick. Many paranoid, schizophrenics rationalize skipping their medication on just that sort of logic. What really amazed me though was that the OP wants security and yet he uses GMail. GMail and security are diametrically opposed concepts. Now if you will excuse me, I have to put new aluminum foil up on my windows. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 5/22/12 12:28 PM, Robert J. Hansen wrote: under the control of botnet operators [1]. Whoops. [1] http://news.bbc.co.uk/2/hi/business/6298641.stm ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
I apologize in advance if any of this sounds snarky. It's not intended as such. Everything I've written here is sincere. I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it were known it is but that's another story) and frankly we aren't just up against one intelligence agency, but all intel agencies put together. Did you know that in the United States, the Fish and Wildlife Service is an intelligence agency? Check their jobs postings and you'll see a good number of them say a security clearance is required. Your claim may lead people to writing off your movement on the grounds that one of two things are true. Either: - They're a bunch of crazies who think that even the park rangers are after them, - Or, holy Toledo, even the park rangers are after them! It seems unlikely to me that either one will engender much support. If people think the former, then the movement is crazy and can be written off. If people think the latter, then it's incredibly dangerous to stand too close to you and no one will show up to your protests. There are also estimates made that in the US 1 in 6 protestors is actually a government agent of one sort or another, dept of defense, homeland security, fbi what have you. Not even Nicolai Ceaucescu's Romania or Erich Honecker's German Democratic Republic were able to get one in six people to serve as informers. I'm 23 now and I take various modest precautions to ensure that I have the best chance I can to remain in good health when I am 43. Or 63. A couple hundred extra milliseconds of decryption/encryption time per message for a key longer than 3072 or 4092 sounds like a good choice frankly. Is that not what we are looking at? No, it's not what we're looking at. If we take you seriously, if we really believe what you say, then what we're looking at is: - If we help you, we're likely going to get disappeared, either now or in twenty years - Your group is completely penetrated/compromised - Your group has no effective methods of policing itself to detect and expel infiltrators - There's an excellent chance *you yourself* are a mole. After all, there's no better way to deflect suspicion than to be looking for moles -- ask Aldrich Ames or Robert Hanssen - And yet, you believe that if GnuPG supports larger key sizes that your security will be substantially improved. Fourthly a little safety margin never hurt. If what you say is true, then just by coming onto this list and asking for help you have put everyone on this list in jeopardy. Your obsession with a little safety margin seems rather hypocritical. There are really only two possibilities here. Either your claims are substantially true, or they are substantially false. I believe they are substantially false, and I encourage you to re-think them. A correct estimation of your situation and what sorts of security threats you're facing will do you infinitely more good than a larger GnuPG key. And with that, I'm done with this thread. I wish you luck. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tuesday 22 of May 2012 12:33:03 Jerry wrote: What really amazed me though was that the OP wants security and yet he uses GMail. GMail and security are diametrically opposed concepts. Since when the security of encryption is dependant on the carrier/communication channel? Did I miss some memo? Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tuesday 22 of May 2012 13:34:20 da...@gbenet.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 09:58, tim.kac...@gmail.com wrote: I think it should be okay to dredge up this topic ever couple years. From what I am reading, links below, I do not feel comfortable with the key length and algorithmic security offered by GPG's defaults. I have not been able to figure out how to get keylengths greater than 3072 for DSA/elgmal or 4094 rsa, so I conclude that generating them is unsupported by GPG although GPG can use them. I have seen many people saying that these types of key lengths are way more than anyone could reasonably need, but I am skeptical. I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it were known it is but that's another story) and frankly we aren't just up against one intelligence agency, but all intel agencies put together. An entire global class of people. You can argue that they may be uninterested in me, however I don't buy that argument at all because they have spent (possibly a lot) more than a thousand dollars at least on me personally at this point I am sure in policing costs to try to survielle and intimidate me, after you divide down. The eviction alone at my occupy cost (probably greatly) in excess of $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours. There are also estimates made that in the US 1 in 6 protestors is actually a government agent of one sort or another, dept of defense, homeland security, fbi what have you. And that exludes any thugs the bankers put in the crowd as privately hired types. Secondly I want my communications to remain unread into the relatively distant future. Given the sort of crap the 1% do wrt murdering and maiming vast quantites of people for a couple extra bucks I would not be the least bit surprised if 20 years from now they dissapeared me because I passed our some pamphlets that said end class war now. An enemy is an enemy, and enemies must be smooshed, right? Why take risks like letting an innocent person live if they might concievable scratch your gravy train at some point in the future? Abductions and bullets aren't that expensive once you got everything all set up, it's a good investement. I'm 23 now and I take various modest precautions to ensure that I have the best chance I can to remain in good health when I am 43. Or 63. A couple hundred extra milliseconds of decryption/encryption time per message for a key longer than 3072 or 4092 sounds like a good choice frankly. Is that not what we are looking at? And yes I recognize that it would be a lot easier for them to plant spyware on my computers than break the keys, however they can't plant spyware on everone's computer. without people noticing They do slurp up and probably store indefinitely all text -and many other- communications on the internet (carnivore etc.). In the future, data they don't have they can't use. There is always a substantial probability that they will not get my keys with spyware, and I would like capitalize (If you'll pardon me) on that. Fourthly a little safety margin never hurt. I think it should be easier to pick longer keys. Also info should be included in the compendium regarding practical aspects of key choice, like a table that shows how long it takes to encrypt a symmetric key with 2048, 4092 etc. Or event just a table in which you select your adversary, then your time horizon, and it tells you what key lengths are suitable, with due warnings and notes regarding the possibility of quantum computers, mathematical advances etc. I understand that no matter how long the keys are it's still only a relatively small part of the equation. However I thought it was the norm to pick something that basically eliminated concern about the encryption being broken, so one could forget about that part and focus on the rest.of your security worries. My trust in GPG has been disturbed by this state of affairs. I thought I could just trust the defaults but I am finding that they may not really include the safety margin that people desire. I shudder to think of people who are doing more serious stuff in the class war than little ol' me (which isn't hard). Links: http://en.wikipedia.org/wiki/RSA_%28algorithm%29 -http://www.schneier.com/essay-368.html note that this was written in 1998 http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes it clear that it is not unreasonable for someone in my position to choose a 4096 bit key. http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit RSA or elGamal key is about equivalent to 128 bit symmetric key, right? And a 256 bit key length
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, 2012-05-22 at 17:50 +0200, Peter Lebbing wrote: Or bugs only affecting large keys are not found because so few people use it, and it becomes an attack vector affecting only those using large keys. While this could happen, I'd guess it would be rather vice versa And eventually larger key sizes may become common (as it always happened so far) and then we'd stumble across such problems anyway... better now, where larger key sizes are not yet needed Chris. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
tim.kac...@gmail.com wrote: I think it should be okay to dredge up this topic ever couple years. From what I am reading, links below, I do not feel comfortable with the key length and algorithmic security offered by GPG's defaults. [I think I write this same email on one list or another at least once per year] That is your right. Come back with the math if you wish to convince many of us of your position. I have not been able to figure out how to get keylengths greater than 3072 for DSA/elgmal or 4094 rsa, so I conclude that generating them is unsupported by GPG although GPG can use them. I have seen many people saying that these types of key lengths are way more than anyone could reasonably need, but I am skeptical. You do what has been done in the past, you hack the source. BTW, the NSA whose second primary mission is securing the communication of the US Gov't says 2048-3072 is as far as that technology goes. At that length the switch should be made to ECC. NIST who sets the standards for the rest of the Gov't and much of business agree. I'm 23 now and I take various modest precautions to ensure that I have the best chance I can to remain in good health when I am 43. Or 63. A couple hundred extra milliseconds of decryption/encryption time per message for a key longer than 3072 or 4092 sounds like a good choice frankly. Is that not what we are looking at? Pssst, they're not going to try to break your encryption, they have easier methods of stalking and watching you. And yes I recognize that it would be a lot easier for them to plant spyware on my computers than break the keys, however they can't plant spyware on everone's computer. without people noticing They do slurp up and probably store indefinitely all text -and many other- communications on the internet (carnivore etc.). In the future, data they don't have they can't use. There is always a substantial probability that they will not get my keys with spyware, and I would like capitalize (If you'll pardon me) on that. Fourthly a little safety margin never hurt. Except when they're are easier ways to achieve equal or better security I think it should be easier to pick longer keys. Also info should be included in the compendium regarding practical aspects of key choice, like a table that shows how long it takes to encrypt a symmetric key with 2048, 4092 etc. Or event just a table in which you select your adversary, then your time horizon, and it tells you what key lengths are suitable, with due warnings and notes regarding the possibility of quantum computers, mathematical advances etc. 4092 bit keys will never come into vogue except among a small group of people who think they are better. I understand that no matter how long the keys are it's still only a relatively small part of the equation. However I thought it was the norm to pick something that basically eliminated concern about the encryption being broken, so one could forget about that part and focus on the rest.of your security worries. My trust in GPG has been disturbed by this state of affairs. I thought I could just trust the defaults but I am finding that they may not really include the safety margin that people desire. I shudder to think of people who are doing more serious stuff in the class war than little ol' me (which isn't hard). The defaults in GnuPG are quite safe. You're understanding of them needs a bit of work. Links: http://en.wikipedia.org/wiki/RSA_%28algorithm%29 -http://www.schneier.com/essay-368.html note that this was written in 1998 http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes it clear that it is not unreasonable for someone in my position to choose a 4096 bit key. Specific predictions about Cryptography far in the future should be taken with a LARGE grain of salt. Most of the RSA 8192 ideas come from Schneier's Applied Crypotograthy. Bruce Schneier has done a lot of great work, but relying on 14-year-old advice for RSA key sizes ignores current work and best practice thought in cryptography Over the summer (2010), readers of the [Cryptography] mailing list were reminded that in 1993 folks thought that 1024-bit RSA 'should be ok (safe from key-factoring attacks) for a few decades.' 1.75 decades later it's essentially history. http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit RSA or elGamal key is about equivalent to 128 bit symmetric key, right? And a 256 bit key length equivalent public key is abut 15,387 bits.. I think if people want to use the same level of encryption for their data that the government uses shouldn't that be supported at least in command line mode? http://www.win.tue.nl/~klenstra/aes_match.pdf good paper on equivalencies in computation and cost of public key vs. symmetric. past RSA key sizes of
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 18:23, Hubert Kario wrote: On Tuesday 22 of May 2012 13:34:20 da...@gbenet.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 09:58, tim.kac...@gmail.com wrote: I think it should be okay to dredge up this topic ever couple years. From what I am reading, links below, I do not feel comfortable with the key length and algorithmic security offered by GPG's defaults. I have not been able to figure out how to get keylengths greater than 3072 for DSA/elgmal or 4094 rsa, so I conclude that generating them is unsupported by GPG although GPG can use them. I have seen many people saying that these types of key lengths are way more than anyone could reasonably need, but I am skeptical. I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it were known it is but that's another story) and frankly we aren't just up against one intelligence agency, but all intel agencies put together. An entire global class of people. You can argue that they may be uninterested in me, however I don't buy that argument at all because they have spent (possibly a lot) more than a thousand dollars at least on me personally at this point I am sure in policing costs to try to survielle and intimidate me, after you divide down. The eviction alone at my occupy cost (probably greatly) in excess of $16,000 to arrest 8 people, and involved almost 200 cops for 4 hours. There are also estimates made that in the US 1 in 6 protestors is actually a government agent of one sort or another, dept of defense, homeland security, fbi what have you. And that exludes any thugs the bankers put in the crowd as privately hired types. Secondly I want my communications to remain unread into the relatively distant future. Given the sort of crap the 1% do wrt murdering and maiming vast quantites of people for a couple extra bucks I would not be the least bit surprised if 20 years from now they dissapeared me because I passed our some pamphlets that said end class war now. An enemy is an enemy, and enemies must be smooshed, right? Why take risks like letting an innocent person live if they might concievable scratch your gravy train at some point in the future? Abductions and bullets aren't that expensive once you got everything all set up, it's a good investement. I'm 23 now and I take various modest precautions to ensure that I have the best chance I can to remain in good health when I am 43. Or 63. A couple hundred extra milliseconds of decryption/encryption time per message for a key longer than 3072 or 4092 sounds like a good choice frankly. Is that not what we are looking at? And yes I recognize that it would be a lot easier for them to plant spyware on my computers than break the keys, however they can't plant spyware on everone's computer. without people noticing They do slurp up and probably store indefinitely all text -and many other- communications on the internet (carnivore etc.). In the future, data they don't have they can't use. There is always a substantial probability that they will not get my keys with spyware, and I would like capitalize (If you'll pardon me) on that. Fourthly a little safety margin never hurt. I think it should be easier to pick longer keys. Also info should be included in the compendium regarding practical aspects of key choice, like a table that shows how long it takes to encrypt a symmetric key with 2048, 4092 etc. Or event just a table in which you select your adversary, then your time horizon, and it tells you what key lengths are suitable, with due warnings and notes regarding the possibility of quantum computers, mathematical advances etc. I understand that no matter how long the keys are it's still only a relatively small part of the equation. However I thought it was the norm to pick something that basically eliminated concern about the encryption being broken, so one could forget about that part and focus on the rest.of your security worries. My trust in GPG has been disturbed by this state of affairs. I thought I could just trust the defaults but I am finding that they may not really include the safety margin that people desire. I shudder to think of people who are doing more serious stuff in the class war than little ol' me (which isn't hard). Links: http://en.wikipedia.org/wiki/RSA_%28algorithm%29 -http://www.schneier.com/essay-368.html note that this was written in 1998 http://www.rsa.com/rsalabs/node.asp?id=2004 this one in particular makes it clear that it is not unreasonable for someone in my position to choose a 4096 bit key. http://en.wikipedia.org/wiki/Key_length wikipedia says the U.S. Government requires 192 or 256-bit AES keys for highly sensitive data. A 3072 bit RSA or elGamal key is about equivalent to 128
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 22/05/12 19:10, Robert J. Hansen wrote: Your claim may lead people to writing off your movement on the grounds that one of two things are true. Either: - They're a bunch of crazies who think that even the park rangers are after them, - Or, holy Toledo, even the park rangers are after them! It seems unlikely to me that either one will engender much support. If people think the former, then the movement is crazy and can be written off. If people think the latter, then it's incredibly dangerous to stand too close to you and no one will show up to your protests. This presupposes that people will equate the whole movement with this single individual. This is definitely not unlikely, though :-) [1] Peter. [1] After all, *all* people generalise! ;) -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 22/05/12 20:00, da...@gbenet.com wrote: On 22/05/12 18:23, Hubert Kario wrote: [...snip...] David and Hubert, could you please trim the quotes in your replies? I'm typing this with one hand because my scroll finger is cramping... ;) j/k Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/05/12 19:09, Peter Lebbing wrote: chain sawed Oh all right :) Ha! Ha! David - no offence meant btw :) just so funny :) - -- “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.” https://linuxcounter.net/user/512854.html - http://gbenet.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPu9dwAAoJEOJpqm7flRExb0oH/Alv+svuTQ2P+b1XfT05ke1u c62vV/LXL4n8XM9WmSd0DRm9qjpmJ77KdRR4cn5RCsz9CdiaFTQGVuB44EGWkudt RYTxiSnirn+hpZ31PWnvT6SNNN06xJFevTLpNt33oF1POC7Jfuz618LAi6VIWK3U 6IBY7QLqx+BxcJmRWpayXYcvCBCP0NBN2wi1ay5mwnHcXiaxHs7pg2M+sXaWXeun Iiiiz7MmnJGIzeBhvp8jO4gqoJ68LpnBRAH43D0DQ33EA/T2AkVxGVUQwTxLtIdp ful2lQbA3q3oOnWD61pMz+nlCDQeMHo8lc+YU468DD0vT7Ds2cd03gc7fbewBds= =A1dH -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 5/22/12 2:26 PM, Hauke Laging wrote: Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? I think so, yes. The question is who's going to write it? I suspect Werner doesn't have the time. If he wants, I would be happy to take a stab at writing it. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, May 22, 2012 at 08:26:14PM +0200 Also sprach Hauke Laging: Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? Honestly now, do you think having a FAQ entry stops this topic resurrecting every few months? Either someone will take issue with what is said in the FAQ, or they (most likely) do not read it at all. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
tim.kac...@gmail.com wrote: I think it should be okay to dredge up this topic ever couple years. From what I am reading, links below, I do not feel comfortable with the key length and algorithmic security offered by GPG's defaults. I have not been able to figure out how to get keylengths greater than 3072 for DSA/elgmal or 4094 rsa, so I conclude that generating them is unsupported by GPG although GPG can use them. I have seen many people saying that these types of key lengths are way more than anyone could reasonably need, but I am skeptical. I am involved in a local Occupy (bet you thought occupy was kaput eh? well as it were known it is but that's another story) and frankly we aren't just up against one intelligence agency, but all intel agencies put together. An entire global class of people. You can argue that they may be uninterested in me, however I don't buy that argument at all because they have spent (possibly a lot) more than a thousand dollars at least on me personally at this point I am sure in policing costs to try to survielle and intimidate me, after you divide down. I was wondering... Does your group communicate with one another using cell phones? I ask not because of the irony of protesting globalization on cell phones, but because of the cell phone industry's woefully poor record on ecryption technology. What about WiFi? Do the public Access Points you all use use encryption? Is it stronger than WEP? what about someone plugging in a Snooper in the wiring closet of that StarBucks or McDonald's? _IF_ THEY are /really/ watching you, they've used cameras to watch you type in your passphrase, and windows and Gmail passwords. They may have used a weakness in CIFS to copy your keyrings. All this and you're worried about overkill on the one place they WON'T attack? No one attacks the crypto. They're are too many easier routes. If you're /really/ worried about privacy and security, get your priorities straightened out. bin Laden didn't use cell phones, not because he was a techno-Luddite, but because he understood the risks of using them. You need to get a handle on all the risks of all the technology you use. -John PS: Leave the tinfoil hat at home, it draws undue attention to you. -- John P. Clizbe Inet: John (a) Gingerbear DAWT net SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=HELP Q:Just how do the residents of Haiku, Hawai'i hold conversations? A:An odd melody / island voices on the winds / surplus of vowels ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 5/22/12 3:10 PM, Avi wrote: Didn't you already write a pretty good one one, Robert? http://sixdemonbag.org/cryptofaq.xhtml It's hubris for an author to refer to his own work. :) Also, that FAQ is in desperate need of a rewrite. Nothing in it is wrong, per se, but it needs a rewrite. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, May 22, 2012 at 1:50 PM, gnupg-users-requ...@gnupg.org wrote: -- Forwarded message -- From: Robert J. Hansen r...@sixdemonbag.org To: gnupg-users@gnupg.org Cc: Date: Tue, 22 May 2012 14:40:07 -0400 Subject: Re: Some people say longer keys are silly. I think they should be supported by gpg. On 5/22/12 2:26 PM, Hauke Laging wrote: Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? I think so, yes. The question is who's going to write it? I suspect Werner doesn't have the time. If he wants, I would be happy to take a stab at writing it. Didn't you already write a pretty good one one, Robert? http://sixdemonbag.org/cryptofaq.xhtml --Avi User:Avraham pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) avi.w...@gmail.com Primary key fingerprint: 167C 063F 7981 A1F6 71EC ABAA 0D62 B019 F80E 29F9 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, 22 May 2012 13:48:26 -0500 John Clizbe articulated: All this and you're worried about overkill on the one place they WON'T attack? No one attacks the crypto. They're are too many easier routes. If you're /really/ worried about privacy and security, get your priorities straightened out. bin Laden didn't use cell phones, not because he was a techno-Luddite, but because he understood the risks of using them. You need to get a handle on all the risks of all the technology you use. Interestingly enough, Khalid Sheikh Mohammed turned on his cell phone for the first time in nearly a year and the NSA was able to pinpoint his location and arrest him in Rawalpindi, Pakistan, in March 2003. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
Am Di 22.05.2012, 14:46:03 schrieb Kevin Kammer: On Tue, May 22, 2012 at 08:26:14PM +0200 Also sprach Hauke Laging: Given the frequency of this discussion and the amount of effort takes by the participants: Wouldn't it make sense to make this a FAQ entry? Honestly now, do you think having a FAQ entry stops this topic resurrecting every few months? No, but I don't see that as a problem. I think the question / proposal would come up at about the same frequency but would end in one reply pointing at the FAQ entry instead of now (do you want to count...?) emails. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On Tue, 22 May 2012 20:40, r...@sixdemonbag.org said: I think so, yes. The question is who's going to write it? I suspect Werner doesn't have the time. If he wants, I would be happy to take a stab at writing it. Please go ahead. Plain text optionally with org-mode formatting. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 22-05-2012 12:33, Jerry escribió: ... that sort of logic. What really amazed me though was that the OP wants security and yet he uses GMail. GMail and security are diametrically opposed concepts. Why? If I send an encrypted message, it doesn't matter if I use gmail, ISP-expensive-crap-mail or any other provider, the message would still be encrypted end-to-end. Of course I'm not talking about composing a message in the webmail editor and then encrypting it, but about using a MUA, like Thunderbird, or maybe composing the message on a text editor, encrypting it and pasting it on the message body (or attaching the encrypted text file). Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJPvD0yAAoJEMV4f6PvczxA0BAH/A2prkdtv6LcIC6U1PQcId3v BBbeLL8VeqBZq+XDYqBM1GP56BLH1CFWOXaSrEiIhPsLtaF6TkJLHfA5GEbSwQ+j RkyI5MN1M88ZyTlvbdvm0uSiLzFXEmp9Jtqlwr58C29oTvI1JFwD9SxVKXmOwnSP GHRgG7HBwSiBDFbSnjALE9nW6cDD1J6LwJaGvkD4tmKkJLqPzimoBnJ+o8P3TbdB /AnhGlwaxlQQd0+5cxCiGBZ1NfZAZGmMWqD/1IE3bZMIs3hp/JkA4MDUwP5E8z25 N/nQPgoNb9iaFy0yozycZLEq4qDBHQxvLQNK79tSBe5+B2QJmPEYglxzserNfXA= =o2WG -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 22-05-2012 8:34, da...@gbenet.com escribió: ... Some say that all the power of the universe - and all the time its been in existence will not crack a 2048 bit key with a secure passphrase. So by the time the universe is well and That is about if you secret key falls in the hands of somebody wanting to use it. But factoring your public key to obtain a working copy of your secret key is certainly something that may be done before the end of time, and won't require dyson spheres to power the machine. We know one day RSA 2048 will be broken... BUT, the question is: will it matter to us when it happens?. Maybe I will say Finally! I will be able to revoke that orphan key I uploaded to keyservers when I was learning how to use GPG... if I could remember the UID it had. We can use RSA 2048 and wait until something stronger is available, or we can go RSA 3072 and be even safer. Or we can even go RSA 4096, and people will say that's an overkill!!!, all that without modifying GnuPG. Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJPvEA5AAoJEMV4f6PvczxAMwoH+wWn0YnqWTjBYe3NIvYaGQyW oIvUsAQu5B9xVRP1wN7f0OJFKoPevcaI0pU5erAs6RGpiHmd35oLYzxGEpsCWE26 YJ37m3mBJCGRk0aOkthT6ugDJ4fEHsm5toj2si9ItJNLq2374+8GMoz++c6Vpbf/ b/y/LaWO3eeZXhtdBCC8OSYKdZiUQ1DYBBFT6WAickgYQJ+hYtRhiq2JQq9SicCA KkWEj/NVB7esOMVoVcrQzAxbivgqKwUyGjpOVTmPlnz2lx19t3j5TAucM9Vhrsab wfY3u4dW6T6X24Pv6WEZmyb14JgEAsK8elehU4dyRTKA+OzOAZr1ihcNOODC/Yg= =I24B -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
On 5/22/12 9:41 PM, Faramir wrote: [F]actoring your public key to obtain a working copy of your secret key is certainly something that may be done before the end of time, and won't require dyson spheres to power the machine. I'm not so optimistic. Factoring is a hard problem. We may never develop the technology to factor extremely large composites. Doing so would require either (a) the development of extremely large-scale quantum computing, (b) a mathematical proof of P=NP, or (c) classical computers that run close to the thermodynamic limits of the universe. There are no guarantees we will ever develop any of those three technologies. That said, no one has ever proven that the only way to break RSA is to factor large composites. That's wholly conjecture, and there's some evidence that it's not true. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Some people say longer keys are silly. I think they should be supported by gpg.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 22-05-2012 4:58, tim.kac...@gmail.com escribió: ... There are also estimates made that in the US 1 in 6 protestors is actually a government agent of one sort or another, dept of defense, homeland security, fbi what have you. And that exludes any thugs the bankers put in the crowd as privately hired types. If that's the case, it is very likely you will send your messages encrypted to the Super-Secure 32.768 bits RSA key belonging to infiltrated agent... which of course won't have to break the key to read it, because he already has the key. Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJPvEXKAAoJEMV4f6PvczxAcLkH/3dOjOpou//Auk4bIwizLodI u6PvxBYW8P0rrdg3/1QUDWoj2mXA6AoaihbPe5LcmXH3fTgA06Y3i1zndzAfAPrD 7IGve7Km08ew6muutPmKnq0jk8nHhLJ6b1P1llD8ePky5nsppBVH0kT9gNFDQzbv oRXLs4hcKS3DIs49BQnQswE8upgl72HcR9ozU95ptTsayewv1n57PZg+cj8o0dNT N56kZ1YfJqZqx8uImV1fT8Oh658V5HDn3Fvx58s6M5r6WVbGynN9ZyPeL3uFNYpQ wtZNHKK4Zc7XE/7n87IUy6/D8bH+rQTvbHWBiYa0rhs7H5JJqejEnkZMRSCPUsg= =yKPa -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
