On Tue, 17 Dec 2013 05:23, shm...@riseup.net said:
use the new 1.6.0, do i need to uninstall gnupg libcrypt and then
compile both again together, and re-install ?
1.6.0 has a new SO number so there are no runtime conflicts. However,
to avoid building problems, better de-install or overwrite
On Tue, 17 Dec 2013 00:11, adrela...@riseup.net said:
compatibility, you can never reduce complexity. Less complexity means
more simplicity, thus perhaps more usability. In my experience, projects
[ You may want to start getting rid of software which is run on your
computer without you being
Hello, Gnupg-users.
I have 2 systems, where I use gpg, let's name them A and B. I did this sequence
of commands:
(1, on A) generate key pair
(2, on A) add 2 more UIDs to key pair (3 in total)
(3, on A) send public key to public server
(4, on A) copy private keyring to USB stick
(5, on B) copy
On Tue, 17 Dec 2013 04:05, mi...@micahflee.com said:
torproject.org is pretty much an ideal example. They serve binaries of
Tor Browser Bundle from https://www.torproject.org/ and have been
attacked by governments all over the world, so they've put a lot of time
and energy in doing things
On Mon, 16 Dec 2013 20:32, mi...@micahflee.com said:
Ahh, it's good to know that gnupg.org is available for https. But I
would guess a very small percentage of your visitors use it, or even
know that it's available.
Well, browsers could first try to use https. Would it help them to provide
a
On 14/12/13 21:27, Zechariah Seth wrote:
Will GnuPG blogs be cross-posted to the gnupg-users list? :)
I could do that if others are happy with the idea. Any objections? Werner?
Best,
Sam.
--
Sam Tuke
Campaign Manager
Gnu Privacy Guard
Tel: +49 176 81923811
IM: samt...@jabber.fsfe.org
On 12/17/2013 08:53 AM, Sam Tuke wrote:
On 14/12/13 21:27, Zechariah Seth wrote:
Will GnuPG blogs be cross-posted to the gnupg-users list? :)
I could do that if others are happy with the idea.
If the expected volume is low-ish (e.g. no more than once a week or so)
i think that would be a
On 17/12/13 16:07, Daniel Kahn Gillmor wrote:
If the expected volume is low-ish (e.g. no more than once a week or so)
i think that would be a great thing to do.
Yes it's unlikely to be more than that.
Best,
Sam.
--
Sam Tuke
Campaign Manager
Gnu Privacy Guard
Tel: +49 176 81923811
IM:
On Mon, 16 Dec 2013 21:35, d...@fifthhorseman.net said:
Werner, if i can help with configuring or maintaining the web server for
gnupg.org to address some of these issues, please let me know.
Yes, I have problems to figure out a working cipher list which also
allows for IE. What DHE cipher
On Tue, 17 Dec 2013 14:53, samt...@gnupg.org said:
I could do that if others are happy with the idea. Any objections? Werner?
No.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
___
Gnupg-users mailing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi! What encryption algorithm do we use in OpenPGP
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.21 (GNU/Linux)
Comment: MacGPG2 - http://www.gpgtools.org/macgpg2.html
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
On Tue, 17 Dec 2013 16:07, md...@nycap.rr.com said:
Hi! What encryption algorithm do we use in OpenPGP
The default for the public key algorithm is RSA with 2048 bits. For
the symmetric session key the default algorithms are
AES256, AES192, AES256, CAST5-128, 3DES
where gpg picks
Hi Matt--
On 12/17/2013 10:07 AM, Matt D wrote:
Hi! What encryption algorithm do we use in OpenPGP
OpenPGP has algorithm agility, meaning that it's possible to use
different encryption algorithms at different times in the same
cryptographic framework. encrypted OpenPGP messages are generally
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 11:09 AM, Daniel Kahn Gillmor wrote:
Hi Matt--
On 12/17/2013 10:07 AM, Matt D wrote:
Hi! What encryption algorithm do we use in OpenPGP
OpenPGP has algorithm agility, meaning that it's possible to use
different encryption
On Dec 17, 2013, at 11:31 AM, Matt D md...@nycap.rr.com wrote:
On 12/17/2013 11:09 AM, Daniel Kahn Gillmor wrote:
Hi Matt--
On 12/17/2013 10:07 AM, Matt D wrote:
Hi! What encryption algorithm do we use in OpenPGP
OpenPGP has algorithm agility, meaning that it's possible to use
Why would anyone choose AES-128 instead of something more secure,
say AES-256?
More secure is sort of ... missing the point. It's sort of like
arguing over whether King Kong or Godzilla is better at urban
destruction. We choose between ciphers principally based on features
other than
Hi! What encryption algorithm do we use in OpenPGP
It depends a lot on how you have GnuPG configured and how your
recipient's certificate is configured.
For asymmetric encryption, either RSA or Elgamal will be used.
For symmetric encryption, one of Twofish, AES256, AES192, AES128,
Hi there,
gpgsm has the option encrypt-to, which is not mentioned in the man
page. Is that option stable or might it disappear in the future?
Thanks
Jens
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 12:02 PM, Robert J. Hansen wrote:
Why would anyone choose AES-128 instead of something more secure,
say AES-256?
More secure is sort of ... missing the point. It's sort of like
arguing over whether King Kong or Godzilla is better
Robert J. Hansen:
We think...
If you're writing on behalf of a group, I would love to know the name of
the group and the names of its members. Otherwise, I can only assume
you are suffering a mental illness and are speaking for the multiple
voices in your head -- either that or else
On 12/17/2013 10:37 AM, Werner Koch wrote:
On Mon, 16 Dec 2013 21:35, d...@fifthhorseman.net said:
Werner, if i can help with configuring or maintaining the web server for
gnupg.org to address some of these issues, please let me know.
Yes, I have problems to figure out a working cipher list
On Tue, Dec 17, 2013 at 12:41 PM, Matt D md...@nycap.rr.com wrote:
How can I find what's on my list?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
You can see what is in your list with the 'showpref' command
whilst in the key editing menu.
Avi
-BEGIN PGP SIGNATURE-
Version: GnuPG
Hi there,
after I imported my private key into gpgsm, it was not trusted for
signatures by gpgsm, because the root CA was not trusted.
After enabling allow-mark-trusted in gpg-agent.conf, gpg-agent asks
whether I trust the root CA. Saying yes creates
~/.gnupg/trustlist.txt with the root
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 02:28 PM, Robert J. Hansen wrote:
Thanks a bunch that was easy. So mine is 2048 with AES-256.
Let's assume the people I email have the same preferences. So how
long, and at what cost would it take to brute force crack a captured
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/17/2013 11:40 AM, C. Rossberg wrote:
| How about an RSS-Feed.
|
| This would be a nifty trade-off.
I thought an RSS feed would be a given. I was responding to the idea of
sending the posts directly to the list. No reason not to do both IMO.
On 12/17/2013 01:22 PM, Robert J. Hansen wrote:
With respect to 2048-bit crypto, don't believe the hype. Most users and
most purposes will still be well-served with even a 1024-bit key. No
one with half a brain is going to bother trying to break RSA-1024; they
will instead come up with more
Thanks a bunch that was easy. So mine is 2048 with AES-256. So what's
all the complaining about the defaults?
Well, yes and no.
When you encrypt an email for someone else, two *different* preference
lists are consulted. The first is found in gpg.conf (or, if it's not
there, it uses
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/17/2013 05:53 AM, Sam Tuke wrote:
| On 14/12/13 21:27, Zechariah Seth wrote:
| Will GnuPG blogs be cross-posted to the gnupg-users list? :)
|
| I could do that if others are happy with the idea. Any objections? Werner?
How about a synopsis
On Tue 17.12.2013, 15:57:54, Daniel Kahn Gillmor wrote:
RSA 1024 falls
in at the equivalent of about 73 bits of symmetric cipher. According to
the authors, this is Short-term protection against medium
organizations, medium-term protection against small organizations, not
a First World
On Tue, 17 Dec 2013, Doug Barton wrote:
On 12/17/2013 05:53 AM, Sam Tuke wrote:
| On 14/12/13 21:27, Zechariah Seth wrote:
| Will GnuPG blogs be cross-posted to the gnupg-users list? :)
|
| I could do that if others are happy with the idea. Any objections? Werner?
How about a synopsis and
(Definitely Godzilla) But why do people tell me that DH, DSA, and RSA
under 2048 are unacceptable?
I have to let my cynicism shine through, unfortunately.
For the vast majority of the population, cryptographic technologies
are a giant black box. The popular view is that it's something only
On Tue, 17 Dec 2013 18:52, d...@fifthhorseman.net said:
I think it depends on what flavor of IE you're using (and what version
of the underlying OS you're using as well). The version of schannel in
Seems so. I updated my Windows 7 box to IE11 with no channel. Maybe I
need to update more.
On Dec 17, 2013, at 1:53 PM, Matt D md...@nycap.rr.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 01:37 PM, David Shaw wrote:
On Dec 17, 2013, at 12:41 PM, Matt D md...@nycap.rr.com wrote:
How can I find what's on my list?
gpg --edit-key (thekey) showpref
You
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/17/2013 01:09 AM, Lev Serebryakov wrote:
| Is it possible to synchronize UID list without transferring new version
| of private key from B to A by external means?
No.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (GNU/Linux)
On Tuesday, December 17, 2013 at 12:49 PM, adrelanos adrela...@riseup.net
wrote:
The person who agreed with me:
carlo von lynX
Also the author of 15 reasons not to start using PGP. [1]
Cheers,
adrelanos
[1] http://secushare.org/PGP
=
All of his reasons are easily countered.
In the
On Tue, 17 Dec 2013 18:32,
clou...@informationelle-selbstbestimmung-im-internet.de said:
gpgsm has the option encrypt-to, which is not mentioned in the man
page. Is that option stable or might it disappear in the future?
It is stable - just missing in the man page.
Shalom-Salam,
Werner
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 01:37 PM, David Shaw wrote:
On Dec 17, 2013, at 12:41 PM, Matt D md...@nycap.rr.com wrote:
How can I find what's on my list?
gpg --edit-key (thekey) showpref
You can see your own, or anyone else's preference list that way.
Note
All of his reasons are easily countered.
Looking over it, my impression is that his principal criticism is, It
is not all things to all people.
To which my response is -- nothing in this world is, so why should
OpenPGP be any different? OpenPGP provides a useful set of
capabilities and
On Dec 17, 2013, at 12:41 PM, Matt D md...@nycap.rr.com wrote:
How can I find what's on my list?
gpg --edit-key (thekey)
showpref
You can see your own, or anyone else's preference list that way. Note that
each user ID (or photo ID) has its own preference list.
David
On Tue, 17 Dec 2013 18:57,
clou...@informationelle-selbstbestimmung-im-internet.de said:
Is there a way to mark intermediate CAs as trusted so that all
certificates issued by them become usable?
Sorry, there is currently no such way. The code always walks up to the
root.
Shalom-Salam,
I know that gnupg is experimenting with ECC and I'm wondering which
curves the team has decided to use. I know there are some curves that
are now suspected of being tainted by the NSA through NIST. Has the
gnupg team ruled using those curves out?
Anthony
--
Anthony Papillion
XMPP/Jabber:
Let's assume the people I email have the same preferences. So how
long, and at what cost would it take to brute force crack a captured
message?
[sigh]
Not this again. I get very tired of answering this question.
The Second Law of Thermodynamics puts a minimum energy requirement on
how much
so strong algorithms by default is a good idea.
Yes, which is why RSA-2048 is recommended.
I don't understand the reasoning by which you have concluded that I am
advocating RSA-1024. I'm not. I think the default of RSA-2048 is a
good one. I'm only saying that for most users and most
Quoting Hauke Laging mailinglis...@hauke-laging.de:
element) to get security. One more wild guess: 99.9% of the
systems on which GnuPG is *actively* used do not even provide the
equivalent
of a 73-bits key.
This is almost certainly true. A couple of years ago Vint Cerf
estimated that
Well, probably not - because in order to apply this energy to your
brute-force calculation process you presumably have some way of
capturing it, thereby making it unavailable for use in the destruction
of the cosmos. :-)
Nope! That thermodynamic analysis is how much heat you have to dump
in
On 12/17/2013 2:54 PM, Robert J. Hansen wrote:
The amount of energy we're talking about here is so large there is a
non-zero chance it would disturb the false vacuum of spacetime and
annihilate the cosmos.
Well, probably not - because in order to apply this energy to your
brute-force
On 12/17/2013 02:59 AM, Werner Koch wrote:
Well, browsers could first try to use https. Would it help them to provide
a SRV record for this?
The reason is because people often have different websites running on
port 443 than they do on port 80, and people also often have
non-browser-trusted
On 12/17/2013 02:04 AM, Werner Koch wrote:
You must be running with JavaScript enabled ;-). This seems to be from
Piwik, which I recently installed to gather web statistics. I am not
really happy with that but my campaign manager said that it is really
needed and that organization like the
ved...@nym.hush.com:
On Tuesday, December 17, 2013 at 12:49 PM, adrelanos adrela...@riseup.net
wrote:
The person who agreed with me:
carlo von lynX
Also the author of 15 reasons not to start using PGP. [1]
Cheers,
adrelanos
[1] http://secushare.org/PGP
=
All of his reasons
On 12/17/2013 05:04 PM, Robert J. Hansen wrote:
I don't understand the reasoning by which you have concluded that I am
advocating RSA-1024. I'm not. I think the default of RSA-2048 is a
good one. I'm only saying that for most users and most purposes,
RSA-1024 is sufficient; to reach
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/17/2013 03:01 PM, Micah Lee wrote:
| I hesitate to pay the highwaymen.
| Yeah...
|
| The problem is you're wanting to make GnuPG go mainstream but then you
| end up with people seeing this: http://i.imgur.com/53nvUqm.png
+1
I've made the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 04:54 PM, Robert J. Hansen wrote:
Let's assume the people I email have the same preferences. So
how long, and at what cost would it take to brute force crack a
captured message?
[sigh]
Not this again. I get very tired of
what about the 2048-bit DSA part of it?
Search the list archives, please -- this question has been asked and
answered a great number of times.
I never attributed RSA-1024 to you: i'm merely pointing out that
good enough for virtually all users and virtually all purposes is
the wrong way to select choices that we want to cover the most
vulnerable targets.
Perhaps: but that's not what I was responding to. The original poster
was
I never attributed RSA-1024 to you: i'm merely pointing out that good
enough for virtually all users and virtually all purposes is the
wrong way to select choices that we want to cover the most vulnerable
targets.
Sorry for the double response -- I thought I'd included this in my
previous
On 12/17/2013 04:10 PM, Doug Barton wrote:
I have no connection to StartSSL other than satisfied non-paying
'customer' but they do the trick, and the price is right. There are
other free options as well, as was pointed out here recently. It doesn't
matter to me which one y'all choose, but
On 12/17/2013 08:27 PM, Robert J. Hansen wrote:
Yes -- but no one is claiming that 112-bit keyspaces are vulnerable
today, or at any time within the near future. Further, moving to a
128-bit keyspace is not, IMO, any sort of a real win: you're only
gaining 16 bits of keyspace. At most you're
Hi Werner.
On 17-12-2013 16:37, Werner Koch wrote:
On Mon, 16 Dec 2013 21:35, d...@fifthhorseman.net said:
Werner, if i can help with configuring or maintaining the web server
for
gnupg.org to address some of these issues, please let me know.
Yes, I have problems to figure out a working
On 12/17/2013 08:45 PM, Micah Lee wrote:
As far as I know these preload lists only force HTTPS for these domains.
I wonder if anyone could convince the browser vendors to also do
certificate pinning, bypassing PKI based on CAs altogether?
I believe the answer for public-key-pinning is the same
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 08:07 PM, Robert J. Hansen wrote:
what about the 2048-bit DSA part of it?
Search the list archives, please -- this question has been asked
and answered a great number of times.
OK, I see. So . . . if brute force is impossible,
On 12/17/2013 9:20 PM, Daniel Kahn Gillmor wrote:
sigh. weakest link analysis is clearly useful, and just as
clearly not the only analytic tool to use.
I don't understand your position. First you're saying, we currently
have 112 bits of keyspace, we need at least 128, and then you're saying
On 12/17/2013 9:41 PM, Matt D wrote:
OK, I see. So . . . if brute force is impossible, then what sort of
an attack is possible?
Too many to list. Depends largely on your attacker's budget and the
constraints of their operation. For instance, if I don't care if you
know I've compromised your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 10:33 PM, Robert J. Hansen wrote:
On 12/17/2013 9:41 PM, Matt D wrote:
OK, I see. So . . . if brute force is impossible, then what sort
of an attack is possible?
Too many to list. Depends largely on your attacker's budget and
On 12/17/2013 10:57 PM, Matt D wrote:
Let's assume I run Ubuntu live from USB stick or cd when I need secure
messaging so an attacker cannot predict what machine i will send my
message from and there will be nothing left on the machine. The
encrypted message is captured but the adversary does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/17/2013 11:02 PM, Robert J. Hansen wrote:
On 12/17/2013 10:57 PM, Matt D wrote:
Let's assume I run Ubuntu live from USB stick or cd when I need
secure messaging so an attacker cannot predict what machine i
will send my message from and there
On 12/17/2013 10:28 PM, Robert J. Hansen wrote:
On 12/17/2013 9:20 PM, Daniel Kahn Gillmor wrote:
(i'm glad you still feel they're trustworthy, even in the context of
them having issued a deliberately bad RNG, and their keylength
recommendations being weaker than everyone else's!)
That's a
So in other words the message can not be read by some govt genius with
a rack of computers??
How would I know? Ask a government genius with a rack of computers.
I don't know the extent of the government's capabilities, nor do I want
to. That's the kind of knowledge that normally comes with
It's bad simply because it's far slower than other comparable RNGs
that were standardized at the same time. I did *not* claim it was
deliberately backdoored, and i certainly didn't claim it was
backdoored by NIST.
Then why did you use it as a I'm glad you can still trust them even
after
On 12/18/2013 12:29 AM, Robert J. Hansen wrote:
A flawed standard is just that, a flawed standard. It's not a cause for
a crisis of trust in an outfit that has enjoyed the community's trust
for many decades.
Sorry, but NIST does face a crisis of trust, particularly in the area of