Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
> The enthusiast project Rob mentions is distributed.net. The 64-bit challenge > took over four years. From their web page: Ah, yes! Thank you. :) > 107,559 days for 100% of the 72-bit keyspace. Given 50% as a best-guess > estimation for a brute-force attack, your're looking at 147+ YEARS at the > current rate to solve a single 72-bit key. Yep. This is close enough to 80-bit that I'm plenty comfortable telling people "please don't use RSA-1024," but not so close that I think anyone should be panicking. :) signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
Robert J. Hansen wrote: > afreewoman wrote: > >> to the task of protecting activists. If the NSA can break 1024 bit >> encryption, they have almost certainly already hacked SHA512. > > Breaking RSA-1024 is considered equivalent to an attack of complexity > 2**80. That's *a lot*. A few years ago a group of enthusiasts used a > large distributed network and over a year of processing time to mount > an attack of complexity 2**64. 2**80 is a factor of 64,000 times > harder. No one knows whether RSA-1024 has been broken: all that we > know is it's time is limited, and if it hasn't yet been broken it's a > question of when and not if. The enthusiast project Rob mentions is distributed.net. The 64-bit challenge took over four years. From their web page: > Project RC5 > > The "Bovine" RC5 effort was formed to take the responsibilities of coordinating and maintaining the RC5 servers that are needed to distribute key blocks to work on to all of the participating client programs. We depend heavily (entirely) on the participation of people like yourself, as we intend to solve this project via the use of brute force, trying every possible key there is. > > We know this method works! On 19 October 1997 at 1325 UTC, we found the correct solution for the RSA Labs 56-bit secret-key challenge (RC5-32/12/7). The key was 0x532B744CC20999, and it took us 250 days to locate. > > Then, on 14 July 2002 at 0150 UTC we found the winning key for the RSA > Labs 64-bit secret-key challenge (RC5-32/12/8). That key was > 0x63DE7DC154F4D039 and took us 1,757 days to locate. As of 03 December 2002, we're now working on the 72-bit RSA Labs secret-key challenge (RC5-32/12/9) [0] RC5-56: 250 days RC5-64: 1757 days RC5-72: 4208 days in process, 3.227% of keyspace tested at an overall rate of 419,091,414,000 Keys/sec. (...we'll hit 100% in 107,559 days at yesterday's rate.)[1] 107,559 days for 100% of the 72-bit keyspace. Given 50% as a best-guess estimation for a brute-force attack, your're looking at 147+ YEARS at the current rate to solve a single 72-bit key. From the OP: >> My question for you is: Why would you want to add encryption that is >> "good enough" to a product that already contains this ability? Why would >> you NOT want to include the strongest, most secure encryption possible >> by default? Take a look at the math, after dialing back the out-of-control paranoia. Brute-forcing "good enough" is still science fiction usually requiring ignoring the Second Law of Thermodynamics. Strongest encryption does not necessarily equate to most secure. Security is a chain, a process. Encryption is only one link of that chain and nearly all experts will tell you, no one attacks the encryption, there are much easier links to attack and break. -J [0] http://www.distributed.net/RC5 [1] http://stats.distributed.net/projects.php?project_id=8 -- John P. Clizbe Inet: John (a) Gingerbear DAWT net SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
As for SHA512 being under threat? That is simply ludicrous. As a quick Fermi estimate -- Brute-forcing a preimage collision in SHA-512 takes 10**153 operations (2**511). Each attempt requires erasing 1024 bits of information (512 bits of input buffer and 512 of output buffer). That's 10**3, more or less. Each erasure of a bit requires 10**-23 joules of energy. Multiply 'em together and you get 10**133 joules of energy. Then apply E=mc**2, which tells us each kilogram is equivalent to 10**17 joules, and you discover that the attempt at brute-forcing SHA-512 will distort space-time as much as a mass of 10**116 kg. The universe has a mass of 10**53 kg. If anyone is intent on brute-forcing SHA-512 in our universe, I'm going to have to insist that they shift their operations to the nearest convenient parallel dimension. I do not want this going on in the same light-cone of where I live. ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
While I agree with Phil, there's one thing here which perhaps could use some clarification: of physics and information theory for believing that not only is it computationally infeasible now for us to mount any kind of realistic attack upon SHA512, but it will forever remain computationally infeasible. My only caveat there is this applies to brute force. Roughly speaking, you can imagine a hash function as being sort of like a jet engine. Stuff gets ingested, then sliced up and compressed and mixed up and totally mangled, and at the end you've got something coming out of the contraption. In a jet engine, if your compressor goes out the engine fails. In a Merkle-Damgard hash function (such as SHA-512), if the compression stage has flaws the entire hash function is prone to failure. This is how we knew back in 1997 that MD5 was on thin ice: although we didn't know how to make MD5 fail, we knew how to make the compression stage fail, and that was enough to say "please stop using MD5, failure is imminent." What Phil is saying -- and what I've said -- is true for brute-force attacks. It's simply not going to happen. Ever. Breaking SHA-512 by brute force requires a lot of energy -- more energy than a quasar puts out over its entire lifespan, more energy than you'd find in a galactic core explosion, an amount of energy so vast that just having that much energy available would do horrific things to the structure of space-time -- we're talking distortions like those found at the surface of a neutron star. If you think I am kidding, no, I am not. When Phil said it would require a Kardashev-3 civilization, he may have been understating things. However, if someone is able to find a flaw in SHA-512's compression function then all bets are off. No one has so far been able to. Nor have there yet been any promising avenues of research in this direction. (For the record, every hash algorithm in OpenPGP is a Merkle-Damgard. There are some excellent hash functions that aren't Merkle-Damgards, though! My favorite non-Merkle-Damgard is Whirlpool, which is basically AES turned into a hash function.) ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/10/14 22:04, afreewoman wrote: > Errr...that's not the first time I've done that! The center is real > - did you search for it? The center exists, indeed. That's about the point at which reality and the nsa.gov1.info parody article part company. Someone had great fun putting that article together, but one should not base life choices or technical decisions on it. I share Robert's grave skepticism that any intelligence agency in the world (except maybe North Korea's) would publicly announce that they were close to cracking AES128 except as a move to spread uncertainty and doubt. As for SHA512 being under threat? That is simply ludicrous. Barring completely paradigm-shattering breakthroughs in both cryptography and information theory, there are sound and convincing reasons in the laws of physics and information theory for believing that not only is it computationally infeasible now for us to mount any kind of realistic attack upon SHA512, but it will forever remain computationally infeasible. In fact, to enlarge upon that, there are strong arguments (again based in physics and information theory) that a successful attack against SHA512 would require the resources of a Type 3 Kardashev civilization. We are not yet a Type 1 Kardashev civilization, and not likely to become one during the lifespan of any person now alive. - -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlOYYkIACgkQ0DfOju+hMklyFACfVPl0v9cuWfkNEabJxWgwQR4h TX4An3HDZvz9w4pl63oNyVfyTrK0t0C9 =Vw8L -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
> Errr...that's not the first time I've done that! The center is real - > did you search for it? _The Onion_ often refers to Cedar Rapids, Iowa in its satire. That's a real city; I've been there. However, the things _The Onion_ claims happen there have never happened at all. Consider, e.g.: http://www.theonion.com/articles/security-beefed-up-at-cedar-rapids-public-library,217/ The Cedar Rapids Public Library is real: I've been in it. But it looks nothing like what the _Onion_ claims and the staff there did not beef up security post-9/11, and anyone foolish enough to try to use it as evidence of a real-world claim will at the least face immense skepticism. The exact same applies here. ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
Errr...that's not the first time I've done that! The center is real - did you search for it? http://www.forbes.com/sites/kashmirhill/2013/10/17/nsas-utah-data-center-suffers-new-round-of-electrical-problems/ On 6/9/2014 6:14 PM, Robert J. Hansen wrote: > On 6/9/2014 6:13 PM, afreewoman wrote: >>> No, we don't. >> >> Response: http://nsa.gov1.info/utah-data-center/ > > Err -- check the bottom of that page, please. > > "This is a parody of nsa.gov and has not been approved, endorsed, or > authorized by the National Security Agency or by any other U.S. > Government agency." > > The bit from the page about "Our Current Target: 128-bit AES" should > also have been a dead giveaway. Do you really think that if *any* > government was closing in on the ability to break AES-128 that they'd > publish it on a webpage? > > Or the "[o]ur classified NSA Oak Ridge facility..." A classified > facility would not be published on a webpage, as that would mean the > facility was no longer secret, and thus no longer eligible for > classification. > > Or the, "In recent months, numerous TS documents have been leaked to the > media relating to surveillance activities carried out by our > Intelligence Community. In an effort to increase transparency, a new > website called 'IC OFF THE RECORD' was created to provide the American > People immediate, ongoing and direct access to these unauthorized leaks." > > Well, congratulations: if that site's authentic, then whoever's behind > it has just committed so many violations of the Espionage Act that it > would require scientific notation just to count them. > > I mean ... seriously. As far as parody goes it's pretty funny, but any > one paragraph, by itself, is chock-full of evidence that it's completely > fake. > > The *real* NSA public affairs website, incidentally, is: > > http://www.nsa.gov/public_info/ > > > > ___ > enigmail-users mailing list > enigmail-users@enigmail.net > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net > ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
On 6/9/2014 6:13 PM, afreewoman wrote: >> No, we don't. > > Response: http://nsa.gov1.info/utah-data-center/ Err -- check the bottom of that page, please. "This is a parody of nsa.gov and has not been approved, endorsed, or authorized by the National Security Agency or by any other U.S. Government agency." The bit from the page about "Our Current Target: 128-bit AES" should also have been a dead giveaway. Do you really think that if *any* government was closing in on the ability to break AES-128 that they'd publish it on a webpage? Or the "[o]ur classified NSA Oak Ridge facility..." A classified facility would not be published on a webpage, as that would mean the facility was no longer secret, and thus no longer eligible for classification. Or the, "In recent months, numerous TS documents have been leaked to the media relating to surveillance activities carried out by our Intelligence Community. In an effort to increase transparency, a new website called 'IC OFF THE RECORD' was created to provide the American People immediate, ongoing and direct access to these unauthorized leaks." Well, congratulations: if that site's authentic, then whoever's behind it has just committed so many violations of the Espionage Act that it would require scientific notation just to count them. I mean ... seriously. As far as parody goes it's pretty funny, but any one paragraph, by itself, is chock-full of evidence that it's completely fake. The *real* NSA public affairs website, incidentally, is: http://www.nsa.gov/public_info/ ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 06/09/14 18:13, afreewoman wrote: >> No, we don't. > > Response: http://nsa.gov1.info/utah-data-center/ I refer you to the footer of that page: "This is a parody of nsa.gov and has not been approved, endorsed, or authorized by the National Security Agency or by any other U.S. Government agency." - -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlOWNeoACgkQ0DfOju+hMkl7fQCghoVCC46PO1rZZCdHt6Tn0Uj3 aPkAoIRCo2UWZWcMTbswU9+0FpBYUbK6 =qbg7 -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
> No, we don't. Response: http://nsa.gov1.info/utah-data-center/ On 6/9/2014 12:09 PM, Robert J. Hansen wrote: >> disturbing. We have processors bugged during delivery intercepts, at >> least one facility here in the US (if we don't count Google) with enough >> computing power and resources to pull off decrypting SHA512 without >> breaking a sweat, etc. etc. > > No, we don't. > > At present, the best way to attack SHA512 is to do a birthday attack of > complexity roughly 2**256. There are a lot of laws of physics that > compellingly argue that doing a computation of that complexity would > require more energy than the Sun will put out over its entire lifetime. > > You may want to consider having a little more skepticism in your > sources. At least on this particular count, your source is one hundred > percent wrong. > >> to the task of protecting activists. If the NSA can break 1024 bit >> encryption, they have almost certainly already hacked SHA512. > > Breaking RSA-1024 is considered equivalent to an attack of complexity > 2**80. That's *a lot*. A few years ago a group of enthusiasts used a > large distributed network and over a year of processing time to mount an > attack of complexity 2**64. 2**80 is a factor of 64,000 times harder. > No one knows whether RSA-1024 has been broken: all that we know is it's > time is limited, and if it hasn't yet been broken it's a question of > when and not if. > > But SHA512, even for a pure birthday collision (which is pretty much > useless in terms of how OpenPGP gets used), is at best a 2**256 attack. > That's a factor of 2**176 harder. In plain English, that's a factor of > > 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 > > harder. That's a *lot*. > > > ___ > enigmail-users mailing list > enigmail-users@enigmail.net > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net > ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
disturbing. We have processors bugged during delivery intercepts, at least one facility here in the US (if we don't count Google) with enough computing power and resources to pull off decrypting SHA512 without breaking a sweat, etc. etc. No, we don't. At present, the best way to attack SHA512 is to do a birthday attack of complexity roughly 2**256. There are a lot of laws of physics that compellingly argue that doing a computation of that complexity would require more energy than the Sun will put out over its entire lifetime. You may want to consider having a little more skepticism in your sources. At least on this particular count, your source is one hundred percent wrong. to the task of protecting activists. If the NSA can break 1024 bit encryption, they have almost certainly already hacked SHA512. Breaking RSA-1024 is considered equivalent to an attack of complexity 2**80. That's *a lot*. A few years ago a group of enthusiasts used a large distributed network and over a year of processing time to mount an attack of complexity 2**64. 2**80 is a factor of 64,000 times harder. No one knows whether RSA-1024 has been broken: all that we know is it's time is limited, and if it hasn't yet been broken it's a question of when and not if. But SHA512, even for a pure birthday collision (which is pretty much useless in terms of how OpenPGP gets used), is at best a 2**256 attack. That's a factor of 2**176 harder. In plain English, that's a factor of 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 harder. That's a *lot*. ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
As a "user-only" of these tools, I have found the casual attitude around the varying ways in which encryption has been subverted by intelligence actors around the world very disturbing. We have processors bugged during delivery intercepts, at least one facility here in the US (if we don't count Google) with enough computing power and resources to pull off decrypting SHA512 without breaking a sweat, etc. etc. - and little information about how pervasive their use of cryptographic hacking technology is. http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security Enigmails plugin is recommended to activists around the world - most recently by ResetTheNet.org https://pack.resetthenet.org/. Though it may be useful to think of rewriting Enigmail code to include an upgrade cryptography solution, I'm not sure why anyone would consider SHA512 up to the task of protecting activists. If the NSA can break 1024 bit encryption, they have almost certainly already hacked SHA512. "Another option is that the NSA has built dedicated hardware capable of factoring 1024-bit numbers. There's quite a lot of RSA-1024 out there, so that would be a fruitful project. So, maybe." https://www.schneier.com/blog/archives/2012/03/can_the_nsa_bre.html I have neither the time nor the energy to go into all the exhaustive articles out there on the NSA's assault, using private corporate partners as well as government facilities, on privacy around the globe. My question for you is: Why would you want to add encryption that is "good enough" to a product that already contains this ability? Why would you NOT want to include the strongest, most secure encryption possible by default? Thank-you for your time and patience with a non-coding, technical support person :) On 6/9/2014 5:45 AM, Suspekt wrote: > Am 09.06.2014 12:18, schrieb Nicolai Josuttis (enigmail): >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> Hi "Suspekt", >> >> thanks for the feedback. >> >> the cryptographic experts warn strongly about using SHA1. >> See for example Minute 31:30 of the following talk (in German): >> >> http://media.ccc.de/browse/congress/2013/30C3_-_5337_-_de_-_saal_2_-_201312271715_-_kryptographie_nach_snowden_-_ruedi.html >> >> >> The essence is "SHA1 is broken". >> See also by the same author >> http://www.cryptolabs.org/hash/WeisCccDsHash05.html >> The author offered the following bet in 2005(!): >> I would prefer to bet for Britney Spears being a virgin >> over the safety of SHA1 >> ;-) >> >> Without being an expert, that's seriously enough >> strong warnings by experts I trust. >> >> Best >> Nico > > OK, let me also throw in some references ;) > > https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html > "A collision attack is therefore well within the range of what an > organized crime syndicate can practically budget by 2018, and a > university research project by 2021." > > So, yes lets switch, but don't panic. I've read on some mailinglist the > nice paraphrase "let's retreat instead of run away". > To clarify this: Using SHA512 as a default is probably a good thing > > > > ___ > enigmail-users mailing list > enigmail-users@enigmail.net > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net > ___ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
Am 09.06.2014 12:18, schrieb Nicolai Josuttis (enigmail): -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi "Suspekt", thanks for the feedback. the cryptographic experts warn strongly about using SHA1. See for example Minute 31:30 of the following talk (in German): http://media.ccc.de/browse/congress/2013/30C3_-_5337_-_de_-_saal_2_-_201312271715_-_kryptographie_nach_snowden_-_ruedi.html The essence is "SHA1 is broken". See also by the same author http://www.cryptolabs.org/hash/WeisCccDsHash05.html The author offered the following bet in 2005(!): I would prefer to bet for Britney Spears being a virgin over the safety of SHA1 ;-) Without being an expert, that's seriously enough strong warnings by experts I trust. Best Nico OK, let me also throw in some references ;) https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html "A collision attack is therefore well within the range of what an organized crime syndicate can practically budget by 2018, and a university research project by 2021." So, yes lets switch, but don't panic. I've read on some mailinglist the nice paraphrase "let's retreat instead of run away". To clarify this: Using SHA512 as a default is probably a good thing ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi "Suspekt", thanks for the feedback. the cryptographic experts warn strongly about using SHA1. See for example Minute 31:30 of the following talk (in German): http://media.ccc.de/browse/congress/2013/30C3_-_5337_-_de_-_saal_2_-_201312271715_-_kryptographie_nach_snowden_-_ruedi.html The essence is "SHA1 is broken". See also by the same author http://www.cryptolabs.org/hash/WeisCccDsHash05.html The author offered the following bet in 2005(!): I would prefer to bet for Britney Spears being a virgin over the safety of SHA1 ;-) Without being an expert, that's seriously enough strong warnings by experts I trust. Best Nico Am 09.06.2014 10:37, Suspekt schrieb/wrote: > Hi Nicolai, > > > Am 08.06.2014 18:21, schrieb Nicolai Josuttis: >> Hi, >> >> at http://vimeo.com/channels/ndc2014/97501375 you can find my >> talk last week (June 5, 14) > Hi Nicolai, some thoughts on you talk. First things first: I > watched the video, liked it and it was really interesting. I > believe at ~57:50 min you are a bit too harsh with SHA1. If I > understand the SHA1 problems correct, then SHA1 has to be > considered cryptographically broken, but there is no reason to > panic. That is because the attacks are rather theoretical than > practical for now. Nevertheless we should move away from SHA1 so > your recommendation to use SHA512 is reasonable I think. > > ___ enigmail-users > mailing list enigmail-users@enigmail.net > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net > > > - -- Nicolai M. Josuttis www.josuttis.de mailto:n...@enigmail.net -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBCgAGBQJTlYoFAAoJEBwWpwr5LSj1X3kP/21f7kWlUOMwGUx4z2afbls8 I1Riup//zkuYlHzA1vunL59VWOAT0uEhxQDEILtuW20D3IxbaeOBIlAO4CP8q5wl oz80A6n2cD8p+sIBFPGpoy5nvJQio5inNGAsPPRclkeS+00NRMXxQqsJOvhrh18t 1oLZPOId/7f1fuUHjJhvhLjNFKK3kD96ns4oXmcYLClvGHbM+lQ0fgn9WkOZj2WZ uIRtgcWN43a0i54hqiNxjUw67oe+plKzIMkn9L1gH80g5FNOa8sR56h4DmH1u2Km fnQPHCg8sVb7Gxi7M3TPyHtfpNRib7zw+QiTKsm+Cb6Zw+m9Eroau/TSDVryXPnK 8wohrgk0kt62envP7bPrdFZjj9V+632UniUl1k1Sa9O+1VpafknkixbIrSBRyM0T S5DVCylYNMzEZHpE/LJHMUA2YoncymvmNSffpCyesXlZf7sVJv+DAFmATZYUzgzU vZxJC35qte1sOrNBeII5QeRZm6Zrz+6qjCTj3owN8bXzgmUozJ/A8jcOB8c3sx0C Iea8cG/1n6SSLeMqAOGBE3prUckEsoUhJOt+cieZn1WPvVtzN1voDVyOE2MhOKyd at4yZKjlaZFN+qas/sH8Ol/HeqA2xgo8oktAKvhD9FX5E9JaVBoTf9gl6Xk5Aq+3 NHXJmGIzcTnlNNBfM0Hz =L0G3 -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
Am 08.06.2014 18:21, schrieb Nicolai Josuttis: Hi, at http://vimeo.com/channels/ndc2014/97501375 you can find my talk last week (June 5, 14) Hi Nicolai, some thoughts on you talk. First things first: I watched the video, liked it and it was really interesting. I believe at ~57:50 min you are a bit too harsh with SHA1. If I understand the SHA1 problems correct, then SHA1 has to be considered cryptographically broken, but there is no reason to panic. That is because the attacks are rather theoretical than practical for now. Nevertheless we should move away from SHA1 so your recommendation to use SHA512 is reasonable I think. ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Video of my privacy & enigmail talk at NDC conference available
On 6/8/2014 11:21 AM, Nicolai Josuttis wrote: > Hi, > > at > http://vimeo.com/channels/ndc2014/97501375 > you can find my talk last week (June 5, 14) > at NDC about: > - the motivation of privacy, > - how to deal with it in practice and > - enigmail as an example. > > May be we should put a link t the enigmail website. > > Enjoy > Nico > I listened to it and would also like a link to your slides. I added calomel(sp?) to my firefox plugins because you described it. Sincerely, (Mr.) Gayle Lee Fairless fairl...@ieee.org signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
[Enigmail] Video of my privacy & enigmail talk at NDC conference available
Hi, at http://vimeo.com/channels/ndc2014/97501375 you can find my talk last week (June 5, 14) at NDC about: - the motivation of privacy, - how to deal with it in practice and - enigmail as an example. May be we should put a link t the enigmail website. Enjoy Nico -- Nicolai M. Josuttis www.josuttis.de ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
[Enigmail] Video of my privacy & enigmail talk at NDC conference available
Hi, at http://vimeo.com/channels/ndc2014/97501375 you can find my talk last week (June 5th 14) at NDC about - the motivation of privacy, - how to deal with it in practice and - enigmail as an example. May be we should put a link t the enigmail website. Enjoy Nico -- Nicolai M. Josuttis www.josuttis.de ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net