Re: Which release should we be using?
On Fri, Aug 26, 2011 at 01:41:41PM -0700, Doug Barton wrote: > Actually I think https://www.xkcd.com/936/ says it better. :) Yep, I was just going to comment that it's obvious that Randall Munroe reads this list :) > On 08/26/2011 11:08, David Tomaschik wrote: > > On Fri, Aug 26, 2011 at 12:31 PM, Faramir wrote: > >> El 26-08-2011 12:35, Aaron Toponce escribió: > >> ... > >>> Also, 62-character passphrase might be a bit extreme, giving you a > >>> false-sense of security. Using a truly random sequence of characters > >>> from the 94-printable ASCII pool of characters, a 12-character > >>> passphrase provides you with about 78-bits of entropy. If you think > >> > >> According to keepass strength measurer, you can get more than 128 bits > >> with just 30 characters (including some symbols of course). > >> > >> Usually we want strong passphrases to keep things safe while stored on > >> not-so-safe places, like attached to an email message on a mail server. > >> > >> Best Regards > > > > I really like KeePass, but the strength measure it provides is nearly > > meaningless. It assumes 8 bits of entropy per symbol, which is, as > > Aaron pointed out, wrong. Suggested readings: > > https://secure.wikimedia.org/wikipedia/en/wiki/Entropy_%28information_theory%29, > > https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength and > > NIST publication 800-63. G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@freebsd.org pe...@packetscale.com PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I had to translate this sentence into English because I could not read the original Sanskrit. signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually Anthony, you are correct. It can't be defeated, or at least as far as I know. What I was suggesting was to move the vulnerable part (bootloader and kernel) of the system off to a portable storage device, so it would be easier to keep an eye on. You can just bring it with you wherever you go. Obviously if somebody gets the storage device that contains the unencrypted bootloader and kernel, they can modify it. It's just much easier to bring a tiny flash drive with you compared to a 15.4" laptop. Check out the USB flash drives made by Ironkey, you could even take those in the shower with you! ;) Hope that clears it up, David Manouchehri On 8/26/2011 5:00 PM, Anthony Papillion wrote: > > On 8/26/2011 3:53 PM, David Manouchehri wrote: > > > The Evil Maid attack can't really be defeated, but what you can do to > > help prevent it is encrypt everything, including your /boot. Then, > > start up from a flash drive that contains a LiveUSB with kexec and > > whatever encryption program you used; after that you can load the "real" > > kernel with kexec. Of course, if somebody gets that flash drive it's > > still the same thing. > > Interesting. From what I read on Scheiner's blog and a few other places > at the time, it seemed like a pretty decent attack and it didn't look > like it could be defeated since it was a system attack rather than a > direct attack on the cryptography itself. Of course, we have to look at > risk too: how likely are most of us to have agents sneaking into our > house to secretly install software? Some of us might be pretty likely > though. > > So an Evil Maid attack is even possible if your entire hard disk is > encrypted using TruCrypt isn't it since the bootloader is still exposed > on an unprotected part of the volume. I see Scheiner suggests using a > trusted computing model but then that's easy to defeat if they have > physical access to your machine. So, ultimately, the only real way to > protect from it is the method you're describing. And, since it's much > easier to protect a flash drive than an entire computer, it's almost > infallible. > > Thanks for the info! > > Anthony -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOWEVaAAoJEBRGiElwwjoZo3MQAKviv+/+QrMEJoF1Nnf/zg1d 6Uv+UFJYLMOQNZpwCAdnWYZsJPTUiHNLZ93CPHMe22v5fqdFYjWCLjSzoX0DE+op HYvi32WphgB4Zatrju+ilSYUk4IlKq5pj1GcnTKB1OdG7hPXkX5gkHKw9+ak3KwK Ue6WMxDQPnT5hs1MmrcbkuyLMJiWm8aspxCMEGsjAjGEhnJdjbos5eXc0R2u3P1Y yNVTe0vbABwat2lVQQAWydMEBPU8IQNTpIehHsI89po/y+EcsG2G2KQddl2QqCnj ODn8KL6taPdednuuxR/1cUBi0UCitwvLlSvwzB08DUSnt8skbtNjODvdrIEvxNio RRStoCLSersF1EhZAMaSo267GTDqieUeuO5xQV/Js6IiI/s7L6qJqkXwznmWqEXZ DqBwyVMFctL4gUGgTYdMDcRjc+1tKuQz4iEBjCTNywXWTl5uW5GJvbS1nu6sxkDW jC09H93jvCB/qpPl0dKHhma3ig/osQ+44GzGLXUIi/Z4ceak37T33a9Nd9kVVxsJ KGX2gJfy9v7x/t/C6f27s66dCRpFYvN5jXdbRdKa5lW5u+Qkjez8H3gKXmjblnc6 cFOMSf2zJLN84cF1h5/4MhVFlSTsi74xyNvQlfYJMCget48EGn87S57YknPDyhSP YG6nhqwPkgILed0SZkWd =TQtE -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/26/2011 16:45, Peter Pentchev wrote: > On Fri, Aug 26, 2011 at 01:41:41PM -0700, Doug Barton wrote: >> > Actually I think https://www.xkcd.com/936/ says it better. :) > Yep, I was just going to comment that it's obvious that Randall Munroe > reads this list :) Well, like most of us I'm sure, I'm a big fan. So I would be thrilled to know that my post about that was the germ of an idea for him. OTOH that link was around for quite a while before I posted it here, so I'm perfectly satisfied chalking it up to GMTA. Doug PS, Randall if you *are* lurking here, congratulations to you and yours re https://www.xkcd.com/943/ :) - -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (FreeBSD) iQEbBAEBCAAGBQJOWDsLAAoJEFzGhvEaGryEt/QH92jYssFuCRWfrk2SNGvbM+ko DlDkMqsxR/LsXx9FUcmPIRANnFu2ZgYslH4K+k0dNH9HvPQ29ANzEWnVVXXHLbtg kWw4CAc1Zvzzq9XY8cPQQQ4njhacb4zi2e3EPNdc9ijEHdL7K1ohrYs3ymObtMV/ 4+YsvOiTG/mIcFR3Ikb1oMGVcxVnTwCt995+nQBfEN4k2yabVMo45cgSpIUjBUqZ 1JPpBT7uW2Z71qrxmaVinyr5s4yef/GuQvvBGDrK6xqxeSYM+S1yoxSF7s6krItq VqRaWFB1ASqLye8f0dj5EWw+RkNrTNr1csn0Xo7Bo+UuZ6ChHk53aPqQGbKbZA== =MJke -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Keyrings WAS Signing multiple keys
[some snippage] On 08/26/2011 14:29, Nicholas Cole wrote: > On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton wrote: >>> BTW, this is another one of the reasons that I find the ability to have >> multiple keyrings useful, and would very much miss that functionality if >> it disappeared from gnupg 2.1. > > I know Warner has said all this before, but I sometimes think that too > few people chime in to say, "yes I agree". > > The problem with multiple keyrings is that they introduce all sorts of > corner cases and unpredictable, ambiguous behaviour. This not meant as an attack in any way, shape, or form; but I don't find "It's hard to do right" a compelling argument. The question is whether or not the effort to do it right is worth it relative to the benefits that using multiple keyrings brings. > And actually, > gpg itself is very quick at handling even very large keyrings. Apologies if I haven't made it clear that this isn't even close to being a factor for me. > I *do* see the uses for them. The debian keyring, for example is > huge, and it is useful to be able to selectively include it or not in > the gpg.conf file. But there more I've thought about this, the more I > think that it would be better just to have entirely separate gpg home > directories for this sort of purpose. > > For the case in question, there would be nothing to stop you having a > home directory made specifically for a key-signing party, for example, > importing your signing key into it and using it as your working > directory. '--homedir', not multiple keyrings, seems to me to solve > the problem addressed by multiple keyrings for almost all real-world > cases. That would (sort of) solve the problem of dealing with new keys from a keysigning party, but in other ways it makes things more complex as well (I know, I've tried it). So why do I care so much about multiple keyrings? Let me describe my setup. First the caveat (that I've already offered, but for completeness sake I will offer again). This is WAY more complex than the vast majority of users would need, want, or be able to work with; and I recognize that. But that being said ... I have the following keyrings: 1. My public keys 2. Keys that have signed my key (including cross signatures) 3. Keys that I have signed publicly 4. Keys that I have signed locally I always want to have these keys available, forever. Then in decreasing order of importance I also have: 5. Keys for important contacts 6. The FreeBSD project keyring 7. Keys used to sign software and other stuff that I care about 8. The keyring for the PGPNET and PGPMIMENET groups 9. My pubring 6 and 8 are interesting in this context because while I do strive to keep them up to date manually on a day-to-day basis it's really really easy (using a shell alias) to recreate them by downloading the key file and just creating a new ring with the same name as the old one. As for my pubring, I have the auto-key-retrieve option in gpg.conf so that when I'm reading mailing lists I don't have to be bothered about doing that manually. When it gets too bloated and/or full of wacky stuff I just do 'rm pubring.gpg~ && > pubring.gpg' then refresh what's left. When I go to a keysigning party I either add or create a keyring to represent the new keys, and then migrate them to the appropriate existing ring as I get/send signatures. As I already pointed out my script to generate challenge messages relies primarily on having a keyring to work with, although I did add functionality to do individual keys. Could I find ways to do all of this in a "one keyring to rule them all" world? Sure, with enough effort and creativity. But as Brian already pointed out I'm not the only one who has built functionality around the idea of multiple keyrings, and I suspect that there are a lot more use cases than ours. Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing multiple keys
On 08/26/2011 14:56, Nicholas Cole wrote: > On Fri, Aug 26, 2011 at 10:34 PM, Doug Barton wrote: > >> One could certainly argue that my doing this is verification step is >> overly fussy (and you wouldn't be the first), but that's my policy. > > I honestly did not mean to be critical. I didn't take it that way, and wouldn't have cared if you did in any case. :) > I was just struggling to see > the security benefit. After all, all security brings inconvenience, > but not all inconvenience brings security. :-) > > Do you have a particular concern about orphan keys? I have a particular concern that if I sign a key with "I checked carefully" that I really did. Moreover, I have a philosophical prejudice that if I *can't* say "I checked carefully," why bother? That said, I have in the past run across people who still have old e-mail addresses that they no longer have access to on their keys, so it's more than a theoretical issue, for me at least. Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Keyrings WAS Signing multiple keys
On Fri, Aug 26, 2011 at 10:29:04PM +0100, Nicholas Cole wrote: > I *do* see the uses for them. The debian keyring, for example is > huge, and it is useful to be able to selectively include it or not in > the gpg.conf file. But there more I've thought about this, the more I > think that it would be better just to have entirely separate gpg home > directories for this sort of purpose. There is a lot of infrastructure in Debian that depends on the ability to have read-only keyrings using a command-line option. If that functionality were to disappear, somebody would patch it in because the breakage would be too great (and needless). If an additional option were required to use multiple keyrings, I would submit a patch to make it the default because otherwise it would break existing functionality. Besides the several different programs that handle key signing parties, dpkg-source would lose the ability to verify packages before unpacking them. apt's archive verification would break. That doesn't include dak, the Debian Archive Kit, which also uses GnuPG and would also break. I expect that most GNU/Linux distributions would also use those patches for the same reasons. Removing the capability from GnuPG would not have the effect of removing the functionality, but only on shifting the maintenance burden. > For the case in question, there would be nothing to stop you having a > home directory made specifically for a key-signing party, for example, > importing your signing key into it and using it as your working > directory. '--homedir', not multiple keyrings, seems to me to solve > the problem addressed by multiple keyrings for almost all real-world > cases. Creating a separate directory and populating it seems silly and wasteful, plus it prevents the storage of multiple, separate keyrings in one directory (like /usr/share/keyrings). If you would like to use the --homedir method, nothing is preventing you from doing that. But breaking existing infrastructure will go over like a lead balloon. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 26-08-2011 15:08, David Tomaschik escribió: > On Fri, Aug 26, 2011 at 12:31 PM, Faramir > wrote: >> According to keepass strength measurer, you can get more than 128 >> bits with just 30 characters (including some symbols of course). ... > I really like KeePass, but the strength measure it provides is > nearly meaningless. It assumes 8 bits of entropy per symbol, which > is, as Aaron pointed out, wrong. Suggested readings: Maybe in past it did that, but version it assigns different values to different symbols. I just tried it, and from a to z, it gives 5 bits each symbol, but ñ gives 7 bits. / gives 4, = gives 5, ! gives 4 bits. But, while a = 5 bits, and != 4 bits, a!= 11 bits. I don't know how it does the calculations, but clearly it has become a lot more complex (which doesn't mean it has become more accurate). Another check: qwerty= 4 bits, but qytrwe= 29 bits. Unfortunately, I couldn't find any detail about the algorithm used to measure the password quality. Anyway, probably some quality checking is better than not checking at all, even if the calculated bits are wrong. Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJOWBXRAAoJEMV4f6PvczxA/9cH/jkS/lf9v1ZXGi6NsjTmIJbj pp0x7ze4gGolL0kCfS7uHY9asP1n5Lr2a+DSKSkgST67I6VCESDoAZFSu0cXHH5o YKMdXI75Zxjgz2O7iX/JmaQYCAxVOiIM077pzWEaF0w6O7mLaKTBtwZgfWIl0sEj JedfjJ0oWDYkoI5qNOs7tYdCNHFkYrx8Fxqvvwa+YgMu8LubBXSx6EOeFI8+oEYZ kTlh4qJLTziIrScVnV5SuhP0parKcVJSsQhiwUPd4r4ZvtrBxrUwG1JGZscIeLHr 3ekcNhYhVBEN5Ze7JXycbEivrqLS6Cn5BA02Ew48P31ZP+RzEGJ/WvyzO5wGZqE= =Sbtk -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing multiple keys
On Fri, Aug 26, 2011 at 10:34 PM, Doug Barton wrote: > One could certainly argue that my doing this is verification step is > overly fussy (and you wouldn't be the first), but that's my policy. I honestly did not mean to be critical. I was just struggling to see the security benefit. After all, all security brings inconvenience, but not all inconvenience brings security. :-) Do you have a particular concern about orphan keys? Best wishes, Nicholas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing multiple keys
On 08/26/2011 14:18, Nicholas Cole wrote: > On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton wrote: >> http://dougbarton.us/PGP/gen_challenges.html > > Dear Doug, > > I don't mean this in a negative way, but I struggle to see the point > of such challenges. So feel free not to use them. :) > The whole point of OpenPGP is the medium across > which email is transmitted is insecure, and there is a possibility of > a MITM attack. I don't see how this sort of challenge-response does > anything other than confirm that the controller of a key that claims > to belong to a particular email address is also able to intercept and > send messages to and from that address. Yes, that is entirely the point. > The only scenario that it would protect against is where key A claimed > to belong to email address B, but actually did not, and the owner of > key A was actually unable to read messages sent to address B. 2 for 2. > In that case, OpenPGP would be providing no security, but the security > of the email system itself would be such that OpenPGP was unnecessary. > > To put it another way: if you trust the email network sufficiently for > your challenge to be useful, doesn't that mean you don't need > encryption. > > Have I missed something? Well the only thing you seem to have missed is the context in which I use the script, which is my signing other people's keys. It's part of my signing policy that I do not sign a uid unless I'm sure that the holder of the key still has access to it. Similarly this process allows me to verify that they still have access to the key(s). One could certainly argue that my doing this is verification step is overly fussy (and you wouldn't be the first), but that's my policy. Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Multiple Keyrings WAS Signing multiple keys
On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton wrote: >> BTW, this is another one of the reasons that I find the ability to have > multiple keyrings useful, and would very much miss that functionality if > it disappeared from gnupg 2.1. I know Warner has said all this before, but I sometimes think that too few people chime in to say, "yes I agree". The problem with multiple keyrings is that they introduce all sorts of corner cases and unpredictable, ambiguous behaviour. And actually, gpg itself is very quick at handling even very large keyrings. I know that their removal would mean that some people have to adjust how they use gpg, but I am sure that the end of multiple keyrings would actually be for the best, and I think removing them is right thing to do. In fact, just as at the moment the handling of multiple files needs to be explicitly enabled, I would favour seeing an option to explicitly enable or disable multiple keyrings in the current versions, just because I think that unless users take particular care they can be harmful. I *do* see the uses for them. The debian keyring, for example is huge, and it is useful to be able to selectively include it or not in the gpg.conf file. But there more I've thought about this, the more I think that it would be better just to have entirely separate gpg home directories for this sort of purpose. For the case in question, there would be nothing to stop you having a home directory made specifically for a key-signing party, for example, importing your signing key into it and using it as your working directory. '--homedir', not multiple keyrings, seems to me to solve the problem addressed by multiple keyrings for almost all real-world cases. Best wishes, Nicholas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Signing multiple keys
On Thu, Aug 25, 2011 at 7:21 PM, Doug Barton wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 08/25/2011 11:02, Aaron Toponce wrote: >> On 08/25/2011 11:56 AM, Jameson Graef Rollins wrote: >>> Do you want to sign every key in your keyring? If so, it's not >>> hard to get gpg to enumerate all of your keys in a >>> machine-parsable format (see --with-colons output). If you just >>> want to sign a subset then you obviously have to enumerate all >>> the keys yourself, so either of the above solutions seems pretty >>> easy to me. >> >> If I have a public keyring of all the attendees of the party, then >> I will want to sign every key in that keyring. > > The script below is designed for generating challenges as opposed to > doing the signing, but you may find the bits that iterate the keys on a > ring interesting. > > BTW, this is another one of the reasons that I find the ability to have > multiple keyrings useful, and would very much miss that functionality if > it disappeared from gnupg 2.1. > > > http://dougbarton.us/PGP/gen_challenges.html Dear Doug, I don't mean this in a negative way, but I struggle to see the point of such challenges. The whole point of OpenPGP is the medium across which email is transmitted is insecure, and there is a possibility of a MITM attack. I don't see how this sort of challenge-response does anything other than confirm that the controller of a key that claims to belong to a particular email address is also able to intercept and send messages to and from that address. The only scenario that it would protect against is where key A claimed to belong to email address B, but actually did not, and the owner of key A was actually unable to read messages sent to address B. In that case, OpenPGP would be providing no security, but the security of the email system itself would be such that OpenPGP was unnecessary. To put it another way: if you trust the email network sufficiently for your challenge to be useful, doesn't that mean you don't need encryption. Have I missed something? Best wishes, Nicholas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Passphrase length and security. Am I reading this right?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 So in the course of another discussion on this group, I was told that I might not actually need my 160+ random character passphrase for good security. A few URL's were included, including this one (https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength) on password strength. If I'm reading the article correctly, I would really only need a 13 to 16 random character password to achieve the 100+ year protection against brute force attacks. Is that right? Am I really wasting THAT much effort or am I reading this wrong? Thanks, Anthony -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (MingW32) iQIcBAEBCAAGBQJOWArRAAoJEFMVikTZRCu/9QsP/iNq0ZJpciM5mn961S+5Phcl W5n9fZy09Fqk0pu6cLnaAGBoYTJ6zct2mddOS4mP6JGz+yzjNEBE/quIoEmfsbRC bEK4FvBYIJIM9enii9DSndom5szt8WhbAIiWAZf9hxgnjKBkcoI5vaNYzKmZvN+u +lwHeYFAGdS46ZRGp1COOSyvY9y2XrtCrJEK7tpIn7VrxYAiwgFOkCExN5dc3fex l54vfi/4uYdTHrgB5nJwSSZdxm7W3YXWfZ8zDVLCgoAnVt/HbJXjQgfShaCH4s4M 3rbjl1KaR1d5VGzOtDmpTqMbrzil1Drz6zh4TNOh8kt8bo+vRVUh/1F6HfawAZc7 nn6FrrY4yjTI6ycOxlzWP+qan/7OGDOEhp/hdpNI9jL/OunBPNBFwZnYWC5jgb8s O6FA/wjzSThgadrldZiBXPMmPKjxicuhf/j4TXl6aIktVo0OVwGyadv+dfAGNeN/ zSfoYjd2DguRqSg4Th5Oo6OSKqBE6Vl072fuFBS+4GuU+b8gCivLBnnJfnzCKVpk npey4jXIyTFo3SY1actdOVouab5P764vSqxvXlQtN7nhmuV+2ieGHhWtxJwdrU6f 2c4GeSXugkTr6tK/RuEhDcA2adkYootng90KcPiS8LLG3BhsJ/N7EdwxH9H/fsuS s/ax3UuoSp5wdyXmAmPQ =yXng -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
On 26/08/11 21:07, Anthony Papillion wrote: >> Oh, you can own an encrypted filesystem, even if the box is down. The >> Evil Maid attack makes this trivial. And it doesn't matter the >> encryption software used either. > > I read about this attack a few years ago on Bruce Scheiner's blog. It > scared the crap out of me then and it still worries me quite a bit. Of > course, it's just a variant of what we've been telling people forever > now: if the system is compromised, encryption is useless. Still, it's > pretty scary stuff. I've taken a number of steps to make evil maid and cold boot style attacks against my new laptop much more difficult. It's funny this should come up just now, because I wrote it up earlier today. It's the latest article on my blog (first url in my sig). But yeah, if an attacker gets physical access to your machine, and they're determined enough, they can probably get in. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 8/26/2011 10:25 AM, Aaron Toponce wrote: > > Oh, you can own an encrypted filesystem, even if the box is down. The > Evil Maid attack makes this trivial. And it doesn't matter the > encryption software used either. I read about this attack a few years ago on Bruce Scheiner's blog. It scared the crap out of me then and it still worries me quite a bit. Of course, it's just a variant of what we've been telling people forever now: if the system is compromised, encryption is useless. Still, it's pretty scary stuff. Anthony -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (MingW32) iQIcBAEBCAAGBQJOV/zvAAoJEFMVikTZRCu/qs8P/RCYVasGXeZrmBXUk+hy0WRd qn8iZfFLBcnnbbp+X/aroV/jK/UbH2scEbohmTosMnd4Rmr/YpS0rvTvI7Z0vZx0 bgn5xKQmLanqTvvGsPysJC7mk8kdAntpo9hMw+HufCAyzUUyKHrv7Ha+K08GueDj GXcyf97ZoYyVUFGDiB2lHGI31ZkQChejg7zjOVUQZFx5ok5YQSLBKCsa8q+e+eMB STt8P6jM24MV6d1kWvS1j4PYvykmG4FA+r2pHvl8XguogiULuzu8h6AXCEVVXPiD DgaHOuyKlEoAvoqSIHZ7d9oWDwdzKpJhZd0U4WECHgqCD+54OAKcMvsoIjugWV62 r678xJjV8w3TmJLW5mfpR1Mc7eVICvxbZjz7EfXoIKxGYt6V3KwWq6vz3Kaa2kFr RsOZN9ql328C4pHCZZ5B7B5D4qDGtKeX2rPe3YN1F8C75YEtfgDmrzmRkRRFYPGb 9i4NSo7Fjami1KIPSq2l+heK95trgXVNSh0s79BQsCu3e33AYO3j5l4u3IVxcwmy JBcEN/JVlNO2qn9iEJh+iUXVKIUZrUjUhX4H0bOoXQo4F5+c6CG52YfPON8LYu9F yBOqivAqI0nT1ulXX7pK6JC3WxlyWIea3rl9k4odso5YnlyApSUW3CKuuSd0ICb0 d4fVvqSB+YEZ9/iukQEo =BLsv -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
Actually I think https://www.xkcd.com/936/ says it better. :) On 08/26/2011 11:08, David Tomaschik wrote: > On Fri, Aug 26, 2011 at 12:31 PM, Faramir wrote: >> El 26-08-2011 12:35, Aaron Toponce escribió: >> ... >>> Also, 62-character passphrase might be a bit extreme, giving you a >>> false-sense of security. Using a truly random sequence of characters >>> from the 94-printable ASCII pool of characters, a 12-character >>> passphrase provides you with about 78-bits of entropy. If you think >> >> According to keepass strength measurer, you can get more than 128 bits >> with just 30 characters (including some symbols of course). >> >> Usually we want strong passphrases to keep things safe while stored on >> not-so-safe places, like attached to an email message on a mail server. >> >> Best Regards > > I really like KeePass, but the strength measure it provides is nearly > meaningless. It assumes 8 bits of entropy per symbol, which is, as > Aaron pointed out, wrong. Suggested readings: > https://secure.wikimedia.org/wikipedia/en/wiki/Entropy_%28information_theory%29, > https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength and > NIST publication 800-63. > > -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
On Fri, Aug 26, 2011 at 12:31 PM, Faramir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > El 26-08-2011 12:35, Aaron Toponce escribió: > ... >> Also, 62-character passphrase might be a bit extreme, giving you a >> false-sense of security. Using a truly random sequence of characters >> from the 94-printable ASCII pool of characters, a 12-character >> passphrase provides you with about 78-bits of entropy. If you think > > According to keepass strength measurer, you can get more than 128 bits > with just 30 characters (including some symbols of course). > > Usually we want strong passphrases to keep things safe while stored on > not-so-safe places, like attached to an email message on a mail server. > > Best Regards I really like KeePass, but the strength measure it provides is nearly meaningless. It assumes 8 bits of entropy per symbol, which is, as Aaron pointed out, wrong. Suggested readings: https://secure.wikimedia.org/wikipedia/en/wiki/Entropy_%28information_theory%29, https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength and NIST publication 800-63. -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Which release should we be using?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 El 26-08-2011 12:35, Aaron Toponce escribió: ... > Also, 62-character passphrase might be a bit extreme, giving you a > false-sense of security. Using a truly random sequence of characters > from the 94-printable ASCII pool of characters, a 12-character > passphrase provides you with about 78-bits of entropy. If you think According to keepass strength measurer, you can get more than 128 bits with just 30 characters (including some symbols of course). Usually we want strong passphrases to keep things safe while stored on not-so-safe places, like attached to an email message on a mail server. Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJOV8pFAAoJEMV4f6PvczxA1KkH/1FMlL71+PLV2dYWbZdpqPzA 6z52Gm4O+t3Gl8KmLGljZvnVph7gGPuTwYUAtndpvE/ftibiaVONvX71X0qwrkGx A7mQEtKMjYDP8YfE3Zv+GVRIft7uIspqfTk9GnnlFJ5Pzvx7bb477C4438tT+tmB uvGQDmqU1PAJ8S70WGkSTjP8uXcIHe2zOCBMsJ+TpYkIIdDLLPKrIJwz7Q7JGorI 76sNKHlPkvv7y2ns1gqI2BOxgxjoJi031h8MKSGtOMtwhCJfkSTqGS9/tOgS1JXS w/994Z32Ko7I5/BrHV0otvWDjqN7Wn5i2QOWd9IuMYwSX+ISHKrXajGn77HLDYQ= =AB0f -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys over 4096-bits
On Fri, 26 Aug 2011 15:56, joh...@vulcan.xs4all.nl said: > Does that mean we can expect GnuPG versions for mobile systems? I can't > wait to install a Symbian or Android port. Kmail (Kontact Touch) runs on the N900 (Linux based) and the HTC Touch pro 2 (WindowsMobile 6.5). With full GnuPG crypto support of course. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Re: Which release should we be using?
> > My passphrases are > > stored in a Keepass database that resides in a TrueCrypt container. It's > > protected well. My actual key is protected by a 62 character passphrase > One could argue that this is equivalent to having a passphrase-less > keyring within the Truecrypt container. Keepass is also (usually) protected. I think you could choose not to encrypt it but what would be the point? > To take Keepass's additional encryption into account, the key within the > container could have the Keepass-passphrase. What do you mean? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys over 4096-bits
> Does that mean we can expect GnuPG versions for mobile systems? I can't > wait to install a Symbian or Android port. There's APG for Android right now. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys over 4096-bits
XKCD says it best: https://www.xkcd.com/538/ On Fri, Aug 26, 2011 at 9:05 AM, Werner Koch wrote: > On Fri, 26 Aug 2011 11:00, b...@adversary.org said: > >> I understand the reasons for this, but is there any reason for not >> using an 8kb (or larger) master/certification key with more normal >> subkeys (e.g. a 2048-bit signing subkey and a 4096-bit encryption > > Actually the primary keys are the most worry some. I have a one 8k key > in my keyring and checking the key signatures made but that key takes a > noticeable time. Imagine everyone would use such keys and also consider > that nowadays more and more low-processing power devices are used. > > Such keys are at best a political statement and a good laugh for some > NSA folks. > > > Shalom-Salam, > > Werner -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys over 4096-bits
On 26-08-2011 15:05, Werner Koch wrote: > and also consider > that nowadays more and more low-processing power devices are used. Does that mean we can expect GnuPG versions for mobile systems? I can't wait to install a Symbian or Android port. -- Met vriendelijke groet, Johan Wevers ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys over 4096-bits
On 26/08/11 11:05 PM, Werner Koch wrote: > Actually the primary keys are the most worry some. That's a shame. > I have a one 8k key in my keyring So do I, but it's mine and it is not used for correspondence at all. > and checking the key signatures made but that key takes a noticeable > time. I had hoped that it would only be the subkeys that resulted in the performance hit (when checking message/file signatures, encrypting and decrypting). > Imagine everyone would use such keys and also consider that nowadays > more and more low-processing power devices are used. A good point. > Such keys are at best a political statement and a good laugh for > some NSA folks. Probably not just the NSA. ;) Regards, Ben signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys over 4096-bits
On Fri, 26 Aug 2011 11:00, b...@adversary.org said: > I understand the reasons for this, but is there any reason for not > using an 8kb (or larger) master/certification key with more normal > subkeys (e.g. a 2048-bit signing subkey and a 4096-bit encryption Actually the primary keys are the most worry some. I have a one 8k key in my keyring and checking the key signatures made but that key takes a noticeable time. Imagine everyone would use such keys and also consider that nowadays more and more low-processing power devices are used. Such keys are at best a political statement and a good laugh for some NSA folks. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Troubles with scim and pinentry
Hi, I have the problem that the process 'scim-bridge' crashes (segfault) from time to time on my system. After that, keyboard input doesn't work anymore and I have to kill and restart scim in a console outside of X. I suspect that this problem is related to pinentry (gtk2) because it happens just after having entered the pin, although I'm not 100% sure and it doesn't happen every time. Has anybody experienced similar problems or are there any ideas for a workaround or to debug this? Thanks, Marco P.S. Im using Debian Squeeze with - gnupg 2.0.14 - pinentry-gtk2 0.8.0 - scim 1.4.9 -- OpenPGP Key ID: 0x62937F7F signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keys over 4096-bits (was: gpg: invalid item `BZIP2' in preference string)
On 26/08/11 3:37 AM, Werner Koch wrote: > On Thu, 25 Aug 2011 17:22, la...@thehaverkamps.net said: > >> changing from 4096 to 8192 bit) > > DON'T. I understand the reasons for this, but is there any reason for not using an 8kb (or larger) master/certification key with more normal subkeys (e.g. a 2048-bit signing subkey and a 4096-bit encryption subkey)? Regards, Ben signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg: invalid item `BZIP2' in preference string
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Run "sudo apt-get install bzip2" and see if that helps. Have you changed your kernel at all? David Manouchehri On 8/25/2011 11:22 AM, Lance W. Haverkamp wrote: > gpg: invalid item `BZIP2' in preference string -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOVz+AAAoJEBRGiElwwjoZfRYQAI79aY7AzlLtKTWOCa5V857r qBX4l+7I2dHnnf4PWCD2c65ZLUCoGWG4fV7wSeLGOZbLyynKxw08tbzu6b8rOLI8 uUacSJcOZcu1JVXms5y3g9AdI9kLXKIXPOkojMfhmOa0tQPAw+pBxmBoHLQYGyW8 8JY900S9pbZTDANEJaSOlFtw1Qjm50pj3BW4vUTvsfTgT0VqKYgeBo0Br4BvZvpo DagJNpgJk6v++Ov1OO2eDw4QHRY5f9USjOrMwoieQrQpMtfA7dVrc7sMZ2ozi1gl 492DiEz+ODqYF1EPOGE0Z640VNKMIxToDLn94Uqvai07NsRWKVOWYSYX4ROmx0G1 59VQi25jYG3vxJtZeWe7qeyNXDkqfn8DJ4CrgynRMgOc7Sr+s5qF11M0BmRp5MFl oXR8p8qC/j1RU8QRE9XWZp4TbIYsuIkzRPZG9pOQvjotuxnb+jLpyug+cun8bGsu OYhu62GP95bshMyvMujjKeTPtVaBI43JSK8/ugLzP5JCxuotxaidwJUbUaM8Sp0M bm2aC13okHQK3rHCTRPO95P6ykgx4h0aPimiYaj3THWJ8M+5H7bKxQwGhMZm8aDn LmsJFs1gOcXMyWW2NZpJ+03iz1/aF2Rxm6tdVtuC+gZe/znjtO/yrSWFwRuR91uf yjw8JxHThbB1i7zgDQKe =WyQM -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users