Re: Can't get Fellowship card to work

2009-07-08 Thread Werner Koch
On Tue,  7 Jul 2009 22:24, mcs...@hotmail.com said:

> gpg: detected reader `AKS ifdh 0'
> gpg: detected reader `AKS ifdh 1'
> gpg: detected reader `AKS VR 0'
> gpg: detected reader `Aladdin Token JC 0'
> gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
> gpg: pcsc_connect failed: removed card (0x80100069)

You have several readers installed.  By default gpg uses the first one.
Put this line into ~/.gnupg/gpg.conf :

  reader-port "SCM Microsystems Inc. SCR3340 ExpressCard Reader 0"

I have not seen any reports about this reader; thus please report the outcome.

> I have also just ordered 3 of the new OpenPGP cards (that support 3072
> bit keys) and I am REALLY hoping I don't have the same problem like I am
> with the Fellowship card ;-(

You will have a different problem ;-).  gpg 1.4.9 does not yet support
these cards.  The forthcoming 1.4.10 will have at least limited support.

In general I suggest using GnuPG 2.0.12 plus the patches I recently
posted (or under Windows gpg4win-2.0.0rc1 which already includes these
patches).  GnuPG 2.0.13 is also close to a release.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
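
The reader selection described in the reply above, as an added example that is not part of the original message or of GnuPG: it parses the `detected reader` lines from the report, picks exactly one reader by substring, and rewrites gpg.conf text so it carries a single `reader-port` line. The function names and the sample gpg.conf content are assumptions made for illustration.

```python
import re

# Diagnostic lines as quoted in the report above.
GPG_OUTPUT = """\
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: pcsc_connect failed: removed card (0x80100069)
"""

# Constructed sample of an existing gpg.conf (not from the thread).
SAMPLE_CONF = 'keyserver hkp://keys.gnupg.net\nreader-port "AKS ifdh 0"\n'

READER_RE = re.compile(r"^gpg: detected reader `(.+)'\s*$")


def detected_readers(output):
    """Return reader names in the order gpg listed them (first = default)."""
    names = []
    for line in output.splitlines():
        m = READER_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def choose_reader(readers, needle):
    """Return the one reader whose name contains needle; refuse ambiguity."""
    hits = [r for r in readers if needle.lower() in r.lower()]
    if len(hits) != 1:
        raise ValueError(f"need exactly one match for {needle!r}, got {hits}")
    return hits[0]


def set_reader_port(conf_text, reader):
    """Drop any active reader-port line and append one for the chosen reader."""
    kept = [line for line in conf_text.splitlines()
            if not line.strip().startswith("reader-port")]
    kept.append(f'reader-port "{reader}"')
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    readers = detected_readers(GPG_OUTPUT)
    print("default (first) reader:", readers[0])
    print(set_reader_port(SAMPLE_CONF, choose_reader(readers, "SCR3340")), end="")
```

Matching on a substring that several readers share (for example `AKS`) raises an error instead of silently picking the wrong slot.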


8192bit RSA keys

2009-07-08 Thread martin f krafft
Hey folks,

Two years ago, there was a thread on this list, in which RSA key
sizes >2048 were discussed [0]. In these two years, the crypto-world
has been shaken up a bit, and computers got yet a bit more powerful.

0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html

I am trying to decide whether I want to create myself a new RSA key
and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
to use the 8k variant, simply because I postulate that my machines
can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
I don't know if this makes sense in practice.

I understand RSA and I cannot imagine compatibility problems with
other implementations, but I'd still like to reopen the issue and
ask this list what they think about >2048bit keys, and 8192bit in
particular.

Thanks,

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
the unix philosophy basically involves
giving you enough rope to hang yourself.
and then some more, just to be sure.
 
spamtraps: madduck.bo...@madduck.net




gnupg not building with gcc4 and --enable-minimal option

2009-07-08 Thread Senthilkumar .E
Hi,

I am trying to build gnupg on a RHEL box. I am not able to build gnupg with
gcc4. When I downgrade to gcc3 it is building. Looks like this is a bug with
configure
(http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024364.html).
Is it fixed on the latest gnupg version?

-Senthil


Re: 8192bit RSA keys

2009-07-08 Thread Werner Koch
On Mon,  6 Jul 2009 10:21, madd...@madduck.net said:

> ask this list what they think about >2048bit keys, and 8192bit in
 ^^^

I see one eight miles high fence post with the rest of your area
protected by a tripwire.

My position on that topic should be well enough known.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are governed by federal law.




Re: 8192bit RSA keys

2009-07-08 Thread Robert J. Hansen
martin f krafft wrote:
> Two years ago, there was a thread on this list, in which RSA key
> sizes >2048 were discussed [0]. In these two years, the crypto-world
> has been shaken up a bit, and computers got yet a bit more powerful.

With respect to key sizes, nothing has changed since then.

IMO, keys larger than 2kbit have no practical purpose for >95% of users.
Keys larger than 4kbit have no practical purpose, period.





Re: gpg2 does not detect smart card adapter

2009-07-08 Thread Werner Koch
--- Begin Message ---
On Fri,  3 Jul 2009 21:38, jan.s...@privacyfoundation.de said:

> I retrieve: "ERR 103 unknown command"

Way too old software.

> I was told that you also will release 1.4.10 with support for the
> OpenPGP Card V2. Do you have any schedule when this will be available?

This month.

2.0.13 needs to get out first and then I need to backport the new card
stuff.  That is mainly writing new glue code and testing the thing.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are governed by federal law.
--- End Message ---




Re: gnupg not building with gcc4 and --enable-minimal option

2009-07-08 Thread David Shaw

On Jul 7, 2009, at 12:08 PM, Senthilkumar .E wrote:


> Hi,
>
> I am trying to build gnupg on a RHEL box. I am not able to build
> gnupg with gcc4. When I downgrade to gcc3 it is building. Looks like
> this is a bug with configure
> (http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024364.html).
> Is it fixed on the latest gnupg version?


What version of GPG are we talking about here?

David




Re: 8192bit RSA keys

2009-07-08 Thread David Shaw

On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:


> Hey folks,
>
> Two years ago, there was a thread on this list, in which RSA key
> sizes >2048 were discussed [0]. In these two years, the crypto-world
> has been shaken up a bit, and computers got yet a bit more powerful.
>
> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
>
> I am trying to decide whether I want to create myself a new RSA key
> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
> to use the 8k variant, simply because I postulate that my machines
> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
> I don't know if this makes sense in practice.


It depends on what you're protecting against.   For most common cases,  
a 8192-bit RSA key is likely so vastly stronger than the rest of your  
environment that a smart attacker wouldn't bother to attack it.   
They'd just go after what they want via other attacks against you and/or
your environment.  Mind you, the same thing is true for a 2048-bit
RSA key as well.  (I'd wager that for many people, the same thing is  
also true for a 512-bit RSA key).  If you can get the same end result  
with a smaller key, you need to ask yourself what the big key actually  
buys you.


If you're looking for a more immediate reason, though, note that if  
you make a RSA key larger than 2048 bits you can't use it with the  
spiffy new OpenPGP smartcard.


David




Re: gnupg not building with gcc4 and --enable-minimal option

2009-07-08 Thread David Shaw

Please don't top-post.

> I am trying to build gnupg on a RHEL box. I am not able to build
> gnupg with gcc4. When I downgrade to gcc3 it is building. Looks like
> this is a bug with configure
> (http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024364.html).
> Is it fixed on the latest gnupg version?


What version of GPG are we talking about here?


On Jul 8, 2009, at 1:46 PM, Senthilkumar .E wrote:


> gnupg-1.4.7 version has this problem


Try the most recent 1.4.9.  I believe this problem was fixed in 1.4.8.

David




Opinions on RIPEMD vs SHA?

2009-07-08 Thread Brian Mearns
I'm considering making my default hash RIPEMD160: does anyone have any
opinions on how this compares to SHA-2 algorithms in terms of both
security and availability? I like the idea that RIPEMD was developed
in an academic community instead of the NSA, but if there are genuine
benefits to using SHA, I have no problem looking past this bit of
romanticism. I'm especially curious if RIPEMD160 is commonly available
in popular PGP clients.

Thanks,
-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net



Re: 8192bit RSA keys

2009-07-08 Thread Jean-David Beyer

David Shaw wrote:
| On Jul 6, 2009, at 4:21 AM, martin f krafft wrote:
|
|> Hey folks,
|>
|> Two years ago, there was a thread on this list, in which RSA key
|> sizes >2048 were discussed [0]. In these two years, the crypto-world
|> has been shaken up a bit, and computers got yet a bit more powerful.
|>
|> 0. http://lists.gnupg.org/pipermail/gnupg-users/2007-June/031285.html
|>
|> I am trying to decide whether I want to create myself a new RSA key
|> and am looking at key lengths of 2k, 4k, and 8k. In theory, I'd like
|> to use the 8k variant, simply because I postulate that my machines
|> can handle it (I don't use GPG on a PDA/SmartPhone (yet)), but
|> I don't know if this makes sense in practice.
|
| It depends on what you're protecting against.   For most common cases,
| a 8192-bit RSA key is likely so vastly stronger than the rest of your
| environment that a smart attacker wouldn't bother to attack it.
| They'd just go after what they want via other attacks against you and/or
| your environment.  Mind you, the same thing is true for a 2048-bit
| RSA key as well.  (I'd wager that for many people, the same thing is
| also true for a 512-bit RSA key).  If you can get the same end result
| with a smaller key, you need to ask yourself what the big key actually
| buys you.
|
| If you're looking for a more immediate reason, though, note that if
| you make a RSA key larger than 2048 bits you can't use it with the
| spiffy new OpenPGP smartcard.
|
Another reason is that even if increasing my key size to would increase my
security in some sense, I do not want my GPG security to be so strong that
the black hats would bypass it and torture the key out of me.

- --
~  .~.  Jean-David Beyer  Registered Linux User 85642.
~  /V\  PGP-Key: 9A2FC99A Registered Machine   241939.
~ /( )\ Shrewsbury, New Jersey    http://counter.li.org
~ ^^-^^ 14:00:01 up 20 days, 49 min, 3 users, load average: 4.05, 4.34, 4.48


Re: Opinions on RIPEMD vs SHA?

2009-07-08 Thread David Shaw

On Jul 8, 2009, at 12:56 PM, Brian Mearns wrote:


> I'm considering making my default hash RIPEMD160: does anyone have any
> opinions on how this compares to SHA-2 algorithms in terms of both
> security and availability? I like the idea that RIPEMD was developed
> in an academic community instead of the NSA, but if there are genuine
> benefits to using SHA, I have no problem looking past this bit of
> romanticism. I'm especially curious if RIPEMD160 is commonly available
> in popular PGP clients.


RIPEMD160 is nearly universally supported in popular PGP clients.   
It's been around for a long time.


That said, you can't compare it to SHA-2.  I believe your academia/NSA  
comparison is invalid (it's really just romanticism), but I'm not even  
going to bother to restart the common algorithm/peer review/more  
attacks/etc discussion that we've had a zillion times on this list,  
and instead jump right to the easy reason:  RIPEMD160 is 160 bits  
long.  SHA-2 is (at minimum) 224 bits long, and can go up to 512 bits  
long.


224 > 160.

512 is very > 160.

Unless you think SHA-2 is actually weaker than RIPEMD160 somehow, why  
would you not use it?


David




Re: Opinions on RIPEMD vs SHA?

2009-07-08 Thread Werner Koch
On Wed,  8 Jul 2009 18:56, bmea...@ieee.org said:

> I'm considering making my default hash RIPEMD160: does anyone have any
> opinions on how this compares to SHA-2 algorithms in terms of both

Don't do that.  RIPEMD160 is a pure European algorithm and by design not
different than SHA-1; like most hash algorithms it is based on the same
principles as MD4 is.  There is no reason to believe that RIPEMD-160 is
stronger than the SHA-1.

If you want to do business with European governments you need to support
RIPEMD-160 - well at least until last year.  Since this year, SHA-256 is
a requirement for most purposes.

> security and availability? I like the idea that RIPEMD was developed
> in an academic community instead of the NSA, but if there are genuine

Well, if you look at the prominent people from that community you will
notice strong links to the country's respective TLAs.

> romanticism. I'm especially curious if RIPEMD160 is commonly available
> in popular PGP clients.

GnuPG might be the only OpenPGP implementation to support it.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by federal law.




Re: 8192bit RSA keys

2009-07-08 Thread John W. Moore III
Jean-David Beyer wrote:

> Another reason is that even if increasing my key size to would increase my
> security in some sense, I do not want my GPG security to be so strong that
> the black hats would bypass it and torture the key out of me.

Depending upon the sophistication of Your adversary, brute force may be
the 'method of choice' even if You were using ROT-13.  :-D

JOHN ;)
Timestamp: Wednesday 08 Jul 2009, 15:55  --400 (Eastern Daylight Time)


Re: Opinions on RIPEMD vs SHA?

2009-07-08 Thread Brian Mearns
On Wed, Jul 8, 2009 at 3:33 PM, Werner Koch wrote:
> On Wed,  8 Jul 2009 18:56, bmea...@ieee.org said:
>
>> I'm considering making my default hash RIPEMD160: does anyone have any
>> opinions on how this compares to SHA-2 algorithms in terms of both
>
> Don't do that.  RIPEMD160 is a pure European algorithm and by design not
> different than SHA-1; like most hash algorithms it is based on the same
> principles as MD4 is.  There is no reason to believe that RIPEMD-160 is
> stronger than the SHA-1.
>
> If you want to do business with European governments you need to support
> RIPEMD-160 - well at least until last year.  Since this year, SHA-256 is
> a requirement for most purposes.
>
>> security and availability? I like the idea that RIPEMD was developed
>> in an academic community instead of the NSA, but if there are genuine
>
> Well, if you look at the prominent people from that community you will
> notice strong links to the country's respective TLAs.
>
>> romanticism. I'm especially curious if RIPEMD160 is commonly available
>> in popular PGP clients.
>
> GnuPG might be the only OpenPGP implementation to support it.
>
>
> Salam-Shalom,
>
>   Werner
>
> --
> Thoughts are free.  Exceptions are governed by federal law.
>
>

Thank you both for your input. I'll stick with SHA.

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net



Re: 8192bit RSA keys

2009-07-08 Thread dan

> It depends on what you're protecting against.   For most common cases,  
> a 8192-bit RSA key is likely so vastly stronger than the rest of your  
> environment that a smart attacker wouldn't bother to attack it.   
> They'd just go after what they want via other attacks against you and/or
> your environment.  Mind you, the same thing is true for a 2048-bit
> RSA key as well.  (I'd wager that for many people, the same thing is  
> also true for a 512-bit RSA key).

What a great idea for a metric!

--dan




starting gpg-agent

2009-07-08 Thread Chris
Before switching to Gnome I was running KDE and gpg-agent apparently
started automatically when the system was booted. Now that I'm running
Gnome I've entered the following on the CLI:

gpg-agent --daemon --use-standard-socket --log-file /home/chris/.gnupg/agent.log

Using webmin I've set up several other apps such as fetchmail to start
when the system requires a restart, such as when a new kernel is installed. I
assume this will work also for gpg-agent?

Chris
 
-- 
KeyID 0xE372A7DA98E6705C





Re: Opinions on RIPEMD vs SHA?

2009-07-08 Thread Robert J. Hansen

> I'm considering making my default hash RIPEMD160: does anyone have any
> opinions on how this compares to SHA-2 algorithms in terms of both
> security and availability?


The new SHAs have the benefit of about a dozen years of cryptanalytic  
research behind them.  RIPEMD160 is very similar to SHA-1, and the  
recent attacks against SHA-1 are likely applicable to RIPEMD160.   
Those same attacks do not apply against the newer SHAs.



> I have no problem looking past this bit of romanticism.


"Romanticism" is exactly the right word to use.


> I'm especially curious if RIPEMD160 is commonly available
> in popular PGP clients.


Yes.  It's been in PGP since 6.5.8, and in GnuPG since 1.0.  (Probably  
since long before 1.0, but since 1.0 was the first official release,  
that's where I trace things back to.)



