Re: Question about details of key signing
On 04/23/2011 06:11 AM, Quequanys wrote:
> When you sign someone's keys, does it
> mean that their public key (with uids) is hashed
> and the hash is encrypted, or maybe there is no
> hashing and signing means only encryption of the
> public keys and uids? Could you point me to
> specific portions of documentation that cover this
> issue?

Each User ID is signed separately. For a certification over a Key + UID, the public key, user ID, and any other subpackets (chosen by the certifier) are digested against a specially-chosen prefix (a different prefix than the prefix used for data signatures).

I believe you're interested in this section of the OpenPGP specification:

https://tools.ietf.org/html/rfc4880#section-5.2.4

hth,

--dkg

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
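The hash input for a V4 certification over a Key + UID, built as RFC 4880 section 5.2.4 lays it out. This is an added example, not part of the original message. The key body, User IDs and subpacket are constructed toy values, the function names are hypothetical, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import struct

# Constructed sample data (toy values, not a real key).
# V4 public-key packet body: version, creation time, RSA (1), MPI n, MPI e.
KEY_BODY = bytes.fromhex("04" "4db2a1e0" "01" "0010c001" "0011010001")
UID_A = b"Alice Example <alice@example.org>"
UID_B = b"Alice Example <alice@example.net>"
# One hashed subpacket: signature creation time (type 2).
SUBPACKETS = bytes.fromhex("05" "02" "4db3ea67")

SIG_GENERIC_CERT = 0x10   # generic certification of a User ID and key
PK_RSA = 1                # public-key algorithm id
HASH_SHA256 = 8           # hash algorithm id


def certification_hash_input(key_body, user_id, sig_type, pk_algo,
                             hash_algo, hashed_subpackets):
    """Bytes digested for a V4 certification (RFC 4880, section 5.2.4)."""
    # Key: 0x99, two-octet length, public-key packet body.
    key_part = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    # User ID: 0xB4, four-octet length, User ID text.
    uid_part = b"\xb4" + struct.pack(">I", len(user_id)) + user_id
    # Signature packet fields from the version through the hashed subpackets.
    sig_part = (bytes([4, sig_type, pk_algo, hash_algo])
                + struct.pack(">H", len(hashed_subpackets))
                + hashed_subpackets)
    # V4 trailer: 0x04, 0xFF, four-octet length of sig_part.
    trailer = b"\x04\xff" + struct.pack(">I", len(sig_part))
    return key_part + uid_part + sig_part + trailer


def certification_digest(user_id):
    """SHA-256 digest the certifier's private key would then sign."""
    data = certification_hash_input(KEY_BODY, user_id, SIG_GENERIC_CERT,
                                    PK_RSA, HASH_SHA256, SUBPACKETS)
    return hashlib.sha256(data).digest()


if __name__ == "__main__":
    for uid in (UID_A, UID_B):
        print(uid.decode(), certification_digest(uid).hex())
```

Each User ID produces its own digest over the same key, so each one carries its own certification.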
Re: A better way to think about passwords
On Sunday 24 April 2011, Faramir wrote:
> On 21-04-2011 10:20, Jean-David Beyer wrote:
> ...
>
> > to remember them all in any case. Even if I could remember them, I
> > could not even remember what login to use on each machine, and
> > which password went with which login so I did write them down and
> > to hell with the management rules.
>
> You can store them in a password manager, it's more secure than a
> txt file or a post-it on the screen.

That's not true. A Post-It is much more secure if you do not have to keep the password secret from people who have physical access to your computer. For most home users this should be the case.

Regards,
Ingo
Re: A better way to think about passwords
On Sun, Apr 17, 2011 at 03:49:58PM -0700, Doug Barton wrote:
> Summary: A 3-word password (e.g., "quick brown fox") is secure against
> cracking attempts for 2,537 years.
>
> http://www.baekdal.com/tips/password-security-usability

Yeah, I've read it. It sucks. If an author claims they know something about password security, but don't define entropy, or at least explain it, then the article is worth a grain of salt. The math is just bad. Very, very bad.

If you really want password security, coupled with massive amounts of entropy, and 100% platform independence, then I would suggest https://passwordcard.org.

My thoughts on the matter:

* Entropy: http://pthree.org/?p=1761.
* Password Card: http://pthree.org/?p=1564
Re: A better way to think about passwords
Hi

On Sunday 24 April 2011 at 4:23:39 AM, in , Faramir wrote:

> You can store them in a password manager, it's more
> secure than a txt file or a post-it on the screen. The
> only problem is you need a working computer in order to
> be able to open the passwords database, so you still
> need to remember your login for the computer...

That is not the only problem. It also requires that a password manager is among the software your employer makes available (or allows you to install).

--
Best regards

MFPA mailto:expires2...@ymail.com

A closed door is an invitation to knock
Question about details of key signing
Hi

Signing documents means that the data is hashed, and then the hash is encrypted with private key of signer. (According to Handbook)

Is this the same case when signing not a file, but someone's key?

When you sign someone's keys, does it mean that their public key (with uids) is hashed and the hash is encrypted, or maybe there is no hashing and signing means only encryption of the public keys and uids? Could you point me to specific portions of documentation that cover this issue?

Thanks for help.