On 27.10.2013 2:09, Robert J. Hansen wrote:
The name of the game is economics. How much is the secret worth? If
it's worth $50,000 of computer equipment and cryptanalysis, then it's
also worth a $50,000 bribe, a $50,000 payment to a professional thief to
break in and plant keyloggers,
Often there is also value in breaking crypto so that the targeted
crypto users don't know it has been broken and thus continue to use
it (the algorithm and/or the specific key). If a big government
organization (take your pick) had broken algorithm/keysize xyz, would
they tell anybody?
Hard
On Sun, 27 Oct 2013 00:29, r...@sixdemonbag.org said:
Hi! I'm the quasi-official FAQ maintainer. You can read the current
text of the FAQ at:
While we are at it. What about making it the official one, i.e. change
the licenses to CC-by-ca/GPL? Given the importance of a FAQ I think we
should
On Sat, 26 Oct 2013 22:03, o...@mat.ucm.es said:
know by the date of the certificate which certificate to use for which
message?
- old for old messages
Note, that there is no need for a certificate for decryption - only the
private key is required. The certificate is only used to show
Hi,
On Sat, Oct 26, 2013 at 06:29:26PM -0400, Robert J. Hansen wrote:
On 10/26/2013 3:40 PM, Sylvain wrote:
Thanks for your answer. To foster spending less time on these
discussions, how about this? :)
Hi! I'm the quasi-official FAQ maintainer. You can read the current
text of the FAQ
Werner == Werner Koch w...@gnupg.org writes:
On Sat, 26 Oct 2013 22:03, o...@mat.ucm.es said:
know by the date of the certificate which certificate to use for which
message?
- old for old messages
Note, that there is no need for a certificate for decryption - only the
On Sun, Oct 27, 2013 at 9:53 AM, Uwe Brauer o...@mat.ucm.es wrote:
Werner == Werner Koch w...@gnupg.org writes:
On Sat, 26 Oct 2013 22:03, o...@mat.ucm.es said:
know by the date of the certificate which certificate to use for which
message?
- old for old messages
If you generate a new keypair for the new certificate (which is
probably a good idea) then gpgsm (and presumably any other
certificate-using software) will figure out what private key will be
needed to decrypt a particular message and, so long as you still have
the private key
On Sun, Oct 27, 2013 at 11:01 AM, Uwe Brauer o...@mat.ucm.es wrote:
If you generate a new keypair for the new certificate (which is
probably a good idea) then gpgsm (and presumably any other
certificate-using software) will figure out what private key will be
needed to decrypt
On Sun, 27 Oct 2013 10:23, p...@heypete.com said:
Correct, though it is possible (but usually recommended against) to
create a new certificate using the same private keypair as before. In
The business model of most CAs is to sell you a subscription by setting
the expiration time very low so that
On 26-10-2013 14:13, Werner Koch wrote:
4k primary RSA keys increase the size of the signatures and thus make
the keyrings longer and, worse, computing the web of trust takes much
longer.
Yes, which leads to another question: why has the default switched from
ElGamal/DSA to RSA after the RSA
On 27/10/13 12:15, Johan Wevers wrote:
The only one I can think of is less dependence of a correctly functioning
RNG.
I think this is a very important one, as we've seen with the debacle with
OpenSSL in Debian where DSA keys were compromised even when just used to create
a signature[1].
But I
On 2013-10-27 12:30, Peter Lebbing wrote:
I think this is a very important one
Hmmm you press Send and you think: I might have overstated that.
Where's unsend? I think it's a real advantage of RSA. I don't think it's
a very important one, because other broken parts can compromise stuff
just
On 27-10-2013 12:30, Peter Lebbing wrote:
But I can think of another one: much more hardware support. Both smartcards and
crypto-accelerators either in a general purpose CPU or as a module in a
computer.
I had not thought of the crypto cards, but the only crypto hardware
acceleration in
On Sun, 27 Oct 2013 12:15, joh...@vulcan.xs4all.nl said:
ElGamal/DSA to RSA after the RSA patent expired? Does RSA have any
advantages over ElGamal/DSA? The only one I can think of is less
It is in general faster and there are OpenPGP implementations which only
support RSA (despite that the
Yes, which leads to another question: why has the default switched from
ElGamal/DSA to RSA after the RSA patent expired?
Okay, first of all, I'm doing something wrong here, I should group my responses
and think a little longer about it. This is mail, not chat. My apologies.
I think RSA has
On 27/10/13 13:11, Peter Lebbing wrote:
A signature by a 2048-bit DSA key is twice as large as a signature by a 2048-bit
RSA key, but offers the same order of strength.
Oops. I just read Werner's message, and I had it reversed :). Taking a look at
RFC 4880, I see that a 2048-bit key has a
On 27-10-2013 13:11, Peter Lebbing wrote:
I think RSA has seen more cryptanalysis than DSA and ElGamal, which is in favour
of RSA.
Well, both are not broken after substantial research. Further, a break
of ElGamal would also break RSA but not the other way around.
The rest of the arguments
On 27/10/13 13:21, Johan Wevers wrote:
Which makes me think, is it possible to generate a 2048 bit RSA signing
key combined with a 3072 or 4096 bit encryption key?
Yes, although I don't think it makes sense to create an X-bit primary key with a
Y-bit subkey if X is smaller than Y as the
On 27/10/13 12:53, Johan Wevers wrote:
But the few encrypted messages people get via email can easily be handled by
a much slower CPU than I have now. My reading speed is the limiting factor
there, not the computer's decrypting speed.
I was thinking of automated systems doing verifications,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 27 October 2013 at 6:42:31 AM, in
mid:526cb5d7.1000...@sixdemonbag.org, Robert J. Hansen wrote:
The NSA never went public with the precise
vulnerability in SHA that caused them to develop and
release SHA-1, but they were quite
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 26 October 2013 at 4:16:32 PM, in
mid:3010964.cdgcmzl...@inno.berlin.laging.de, Hauke Laging wrote:
Why should anyone 25+ years from now spend a huge
amount of resources in order to read a tiny part of
today's everyday
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 26 October 2013 at 12:39:58 AM, in
mid:910f3581-eba2-49b1-89b4-655718ad3...@email.android.com, Paul R.
Ramer wrote:
Well, this assumes that you need 25 years of security.
If your messages *must* remain uncrackable for that
Werner == Werner Koch w...@gnupg.org writes:
On Sun, 27 Oct 2013 10:23, p...@heypete.com said:
Correct, though it is possible (but usually recommended against) to
create a new certificate using the same private keypair as before. In
The business model of most CAs is to sell you a
The two current discussions – one about the FAQ, the other one with we
discussed that back then statements – make me guess whether it makes sense to
link such threads in the FAQ.
BTW: Where is the FAQ? I hope this question does not seem too stupid... The
one on gnupg.org calls itself
Hi,
On 10/26/2013 02:13 PM, Werner Koch wrote:
On Sat, 26 Oct 2013 11:35, b...@beuc.net said:
Plus, following this principle, why doesn't gnupg default to 4096 if
there isn't any reason not to? I would suppose that if gnupg defaults
4k primary RSA keys increase the size of the signatures
On 10/27/2013 01:32 PM, Peter Lebbing wrote:
(...)
But the following layout is sensible on some level:
Which more or less means exactly nothing.
3072-bit RSA primary for certification (C)
2048-bit RSA subkey for data signatures (S)
3072-bit RSA subkey for encryption (E)
(...)
On 10/27/2013 7:15 AM, Johan Wevers wrote:
Does RSA have any advantages over ElGamal/DSA?
It's simpler to implement. That's a nontrivial benefit.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 10/27/2013 8:21 AM, Johan Wevers wrote:
Well, both are not broken after substantial research. Further, a break
of ElGamal would also break RSA but not the other way around.
If you can compute discrete logs in a finite field, then you can factor,
yes, and the reverse is not guaranteed to be
On 10/27/2013 10:04 AM, MFPA wrote:
Which raises the question in my mind: was SHA really flawed, or was it
advantageous to NSA's purposes to have people use SHA-1 instead?
It's amazing what you can discover by checking Wikipedia.
SHA was deeply flawed. The civilian cryptanalytic community
On 10/27/2013 10:41 AM, MFPA wrote:
Couldn't a cryptographically broken algorithm also raise the problem
of forged digital signatures?
Yes and no. The mistake people make when discussing digital signatures
is to treat them as a purely mathematical exercise rather than as
something that exists
On 10/27/2013 10:54 AM, Hauke Laging wrote:
BTW: Where is the FAQ? I hope this question does not seem too stupid...
I posted a link to it yesterday.
https://github.com/rjhansen/gpgfaq/blob/master/gpgfaq.xml
On 10/27/2013 12:47 PM, Filip M. Nowak wrote:
All this comes with a price of
increased processing power requirement and most of the hardware vendors
are doing really good here (really happily).
In the embedded space it's still quite common to see 8-bit processors
used as PICs. We're just
List, Robert.
On 10/27/2013 06:36 PM, Robert J. Hansen wrote:
On 10/27/2013 12:47 PM, Filip M. Nowak wrote:
All this comes with a price of
increased processing power requirement and most of the hardware vendors
are doing really good here (really happily).
In the embedded space it's still
On 27/10/13 19:09, Filip M. Nowak wrote:
1) Specialized microcontrollers with crypto capabilities are available
and used for years now (AVR XMEGA which is 8 bit for example)
AVR XMEGA has DES and AES, no asymmetric acceleration. Also, I think the market
of XMEGA is phenomenally tiny compared to
Hi,
On 10/27/2013 07:47 PM, Peter Lebbing wrote:
On 27/10/13 19:09, Filip M. Nowak wrote:
1) Specialized microcontrollers with crypto capabilities are available
and used for years now (AVR XMEGA which is 8 bit for example)
AVR XMEGA has DES and AES, no asymmetric acceleration. Also, I think
On 27-10-2013 18:36, Robert J. Hansen wrote:
Consumer-grade hardware is a decadent Garden of Eden. However, the tiny
little processor that monitors chemical levels at your local water
treatment plant is going to be embarrassingly low-powered.
That's fine, but I doubt I'll ever email such a
On Sun, 27 Oct 2013 17:47, gn...@oneiroi.net said:
Numbers please? Or are you talking about personal/subjective impressions?
What about you running some benchmarks for us? Let's say: a 4k RSA key
signed by 90 other 4k RSA keys, 8 2k RSA keys, and one 8k RSA key. For
security reasons key
Hello,
On 10/27/2013 08:41 PM, Werner Koch wrote:
On Sun, 27 Oct 2013 17:47, gn...@oneiroi.net said:
Numbers please? Or are you talking about personal/subjective impressions?
What about you running some benchmarks for us? Let's say: a 4k RSA key
signed by 90 other 4k RSA keys, 8 2k RSA
Robert J. Hansen r...@sixdemonbag.org wrote:
Let's say that tomorrow I lose my passphrase and make a new keypair.
Then in 25 years someone approaches me with a signed OpenPGP message
dated Christmas 2013, saying I agree to pay you one million dollars at
Christmas 2038. I scream it's a forgery,
On 27.10.2013 20:41, Werner Koch wrote:
On Sun, 27 Oct 2013 17:47, gn...@oneiroi.net said:
Numbers please? Or are you talking about personal/subjective impressions?
What about you running some benchmarks for us? Let's say: a 4k RSA key
signed by 90 other 4k RSA keys, 8 2k RSA keys, and one
On 10/27/2013 4:21 PM, Mark Schneider wrote:
Are there formal reasons why the max length of the RSA key is limited in
gnupg[2] linux packages to 4096 Bits only?
Yes; because past 3072 bits it's time to go to something other than RSA.
Several respectable organizations (not only NIST) have done
I set up ssh authentication a long time ago according to the second half
of this guide (with smartcard):
http://www.programmierecke.net/howto/gpg-ssh.html
It worked without an issue until I recently upgraded to Ubuntu 13.10.
After the upgrade I had to disable the gnome-keyring-ssh and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 03-10-2013 17:48, Alejandro Szita wrote:
Dear All,
I am a new member to this list, so first of all thank you so much
for your time and consideration in helping me out, I hope I can
return the favour in the near future.
My system runs
44 matches