an example?
If you truly believe this, stop using OpenPGP.
Is my statement not true for MD5?
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223
://eprint.iacr.org/2011/641
--
like I do with my v4 key.
--
kinda defeats the purpose.
--
, there is no way
to verify that I came from who you think it did.
--
UID. If you want to do those two
steps, you have to do them manually.
--
. For other
platforms, the binary is always compiled in the ordinary way. I expect
exposing this information was not considered to be terribly important
since most platforms don't have this issue.
--
if the block cipher is secure.
--
On Tue, Jan 31, 2012 at 11:23:25PM +, MFPA wrote:
On Monday 30 January 2012 at 7:06:43 PM, in
mid:20120130190643.gb184...@crustytoothpaste.ath.cx, brian m.
carlson wrote:
The problem is that unlike regular list messages, the
dupes don't come with the list headers, which makes
sorting
may sprout a keyserver daemon
supporting this, but there's no guarantee that that will happen anytime
soon, if ever. Don't hold your breath.
--
MFPA wrote:
On Monday 23 January 2012 at 12:47:03 AM, in
mid:20120123004703.GB10912 at crustytoothpaste.ath.cx, brian m. carlson
wrote:
This is not a problem with OpenPGP because the attacker
never gets to see the value encrypted with RSA because
it's the symmetric key.
Isn't
that person's identity and key
myself, I use a local signature. That way I don't have other people
rely on my assertion if I haven't done the amount of checking that I
would like to before making a public statement.
--
that verify signatures only once and then cache the
results, but most implementations do not do that.
Also, there's nothing preventing people from actually signing data with
the primary key, so someone who is unfamiliar with your strategy might
accidentally use a single, very large key.
--
would have to support multiple padding schemes, which
would be burdensome without providing significantly more security.
--
risking corrupting the structure of the method.
--
data stored with the
passphrase to make the hash unique even if you reuse the passphrase).
This makes brute-force attempts slower since more computation is
required.
--
.
* Someone made an error in the OpenPGP implementation.
--
that you have a good PRNG, such as /dev/urandom,
then there's not really much concern about k. After all, you also need
a good PRNG for CFB IVs as well, although the consequences aren't as
disastrous.
--
ID or signature,
which would not be helpful.
If you need to be able to compute the fingerprint independently, you'll
need to parse the public key packet and follow the formula specified in
RFC 4880. It's not terribly difficult.
--
, separate keyrings in
one directory (like /usr/share/keyrings). If you would like to use the
--homedir method, nothing is preventing you from doing that. But
breaking existing infrastructure will go over like a lead balloon.
--
) actually give any credence to the left two whatsoever?
If there's an OpenPGP implementers' list or another, more appropriate
forum, please feel free to point me in that direction. I couldn't find
one, so I posted here.