Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'

2015-12-26 Thread Jean-David Beyer

On 12/25/2015 12:50 PM, Ingo Klöcker wrote:
> On Thursday 24 December 2015 17:02:54 Matthias Apitz wrote:
>> Hello,
>> 
>> I do not fully understand why some 4 random words like
>> 
>> Correct, horse! Battery staple!
>> 
>> is a better passphrase than, for example
>> 
>> Und allein dieser Mangel und nichts anderes führte zum Tod.
>> 
>> i.e. some phrasing which could be memorized better?
> 
> The second sentence is found by search engines (2 hits in
> DuckDuckGo). Don't use it or any other phrase that has been
> published on the internet. A phrase of 4 random words has a high
> probability that it has not been published on the internet (or
> anywhere else). The tricky part is that you must never put your 
> 4-random-words phrase into a search engine to check this.
> 
> Instead of using a 4-random-words phrase you can use a proper
> sentence with equivalent entropy provided that you do not use a
> sentence that has been published anywhere. Come up with your own
> sentence. Ideally come up with a sentence that doesn't make any
> sense like "The horse was correct. You cannot staple batteries."
> This phrase might be easier to remember and has a similar entropy
> as the above mentioned 4-random-words phrase.
> 
> 

A favorite of mine, not usable then, and even less so now, is the
following:

At Night We Walk in Circles and Are Consumed by Fire

In Latin, that is a palindrome.

It is now the name of a musical composition, and has a group of its
own on Facebook.

https://www.wnyc.org/radio/#/ondemand/510001

-- 
  .~.  Jean-David Beyer  Registered Linux User 85642.
  /V\  PGP-Key:166D840A 0C610C8B Registered Machine  1935521.
 /( )\ Shrewsbury, New Jersey    http://linuxcounter.net
 ^^-^^ 10:35:01 up 1 day, 11:08, 2 users, load average: 4.16, 4.24, 4.19

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'

2015-12-26 Thread malte
Quoting Peter Lebbing (2015-12-26 09:53:38)
> On 26/12/15 01:39, ma...@wk3.org wrote:
> > do you have an estimate on the number of unique sentences published on
> > the Internet?
>
> What is your purpose by the way? Look for an estimated amount of entropy
> contained in picking one of those sentences?

Yes. To know if picking a random, but previously published sentence (no
matter the length) may ever be good enough. And then maybe going on to
see if two random, but previously published sentences might be good
enough (-:


Sincerely,

Malte
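
Added example, not part of any message in this thread: a Python sketch of the comparison asked about above, four random words against one or two previously published sentences. The 2048-word list, the corpus of 10**12 published sentences and the Zipf popularity model for sentences a person would actually pick are assumptions chosen for illustration.

```python
import math

WORDLIST_SIZE = 2048   # assumption: 11 bits per randomly chosen word
CORPUS_SIZE = 10**12   # assumption: hypothetical number of published sentences
MODEL_SIZE = 10**6     # smaller corpus, small enough to model sentence popularity


def uniform_bits(choices, picks=1):
    """Bits of entropy in `picks` independent, uniformly random draws."""
    return picks * math.log2(choices)


def zipf_probs(n, s=1.0):
    """Assumed popularity model: the rank-r sentence is picked with weight 1/r**s."""
    weights = [1.0 / rank ** s for rank in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def min_entropy_bits(probs):
    """Bits of protection against the attacker's single most likely guess."""
    return -math.log2(max(probs))


def guesses_to_reach(probs, target=0.5):
    """Guesses needed, most likely candidate first, to succeed with probability `target`."""
    cumulative = 0.0
    for count, p in enumerate(sorted(probs, reverse=True), start=1):
        cumulative += p
        if cumulative >= target:
            return count
    return len(probs)


def report():
    """Compare random words, random sentences and a human-picked sentence."""
    human = zipf_probs(MODEL_SIZE)
    return {
        "four_random_words_bits": uniform_bits(WORDLIST_SIZE, 4),
        "one_random_sentence_bits": uniform_bits(CORPUS_SIZE),
        "two_random_sentences_bits": uniform_bits(CORPUS_SIZE, 2),
        "uniform_pick_guesses": MODEL_SIZE // 2,
        "human_pick_guesses": guesses_to_reach(human),
        "human_pick_min_entropy_bits": min_entropy_bits(human),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.1f}" if isinstance(value, float) else f"{name}: {value}")
```

The sentence figures hold only if the sentence is drawn uniformly at random from the whole corpus; under the assumed popularity model, half of all human picks fall within the first few hundred guesses of a million-sentence corpus.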



Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'

2015-12-26 Thread Peter Lebbing
On 26/12/15 01:39, ma...@wk3.org wrote:
> do you have an estimate on the number of unique sentences published on
> the Internet?

Hm, how many of those would have been generated by a Markov chain
generator that a spammer used to generate some filler text in a spam
mail? I bet you've seen them, those texts that superficially look like
proper English sentences, but when you look closely, it's completely
nonsensical.

What is your purpose by the way? Look for an estimated amount of entropy
contained in picking one of those sentences?

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



GnuPG News for November and December 2015

2015-12-26 Thread Werner Koch
Hi,

here comes the plaintext copy of Neal's status update for November and
December:
(https://gnupg.org/blog/20151224-gnupg-in-november-and-december.html)

   ________________________________________

   20151224-GNUPG-IN-NOVEMBER-AND-DECEMBER

   Neal
   ________________________________________


   December 24th, 2015


Table of Contents
_________________

1 GnuPG News for November and December 2015
.. 1.1 See us at 32C3
.. 1.2 Press
.. 1.3 Development
.. 1.4 Contact
.. 1.5 Discussions
.. 1.6 Donations
2 About this news posting





1 GnuPG News for November and December 2015
===========================================

1.1 See us at 32C3
~~~~~~~~~~~~~~~~~~

  Werner and Neal will each give a talk at 32C3 as part of the [FSFE
  Assembly].  Both talks are on Monday, December 28th.  Neal's
  presentation is at 16:00 in Hall A.1.  He'll present "An Advanced
  Introduction to GnuPG."  Werner follows immediately at 17:00 with
  "GnuPG and its current state of development."

  If you want to chat, we (Justus, Kai, Neal & Werner) will be around
  during the congress.  (Neal will be mostly hanging out at the Kidspace
  and thus will probably be the easiest to find.)  If you want to
  arrange a chat, send us an email.  If you see one of us, don't
  hesitate to ask for a business card with a list of the keys we use to
  sign GnuPG releases!


  [FSFE Assembly]
  https://events.ccc.de/congress/2015/wiki/Assembly:Free_Software_Foundation_Europe#sessions


1.2 Press
~~~~~~~~~

  [Werner was interviewed] (in German) by Jürgen Asbeck from Germany's
  Pirate Party.


  [Werner was interviewed]
  https://www.piratenpartei.de/2015/12/23/interview-mit-werner-koch/


1.3 Development
~~~~~~~~~~~~~~~

  There have been two new releases of GnuPG: version [2.1.10] and
  version [1.4.20].

  Version 2.1.10 is the first GnuPG version to include support for TOFU.
  TOFU stands for trust on first use and should be familiar to anyone
  who uses ssh.  Basically, TOFU is a mechanism to detect when the
  binding between an identity and a key changes.  This can prevent or
  detect active man-in-the-middle (MitM) attacks and forgeries.
  Although this protection is weaker than the Web of Trust's theoretical
  guarantees, we have observed that most people don't bother to sign
  keys or set owner trust.  The practical result is that most users
  don't make use of the web of trust and, as such, GnuPG only protects
  them from passive MitM attacks.  TOFU provides protection against
  active MitM as long as they are not sustained while not requiring any
  user support.  Happily, the web of trust and TOFU can be combined.  To
  read more about how to use TOFU, see this [email].  A more theoretical
  handling of how TOFU works is described in our forthcoming [paper].
  (Feedback is welcome.)

  Another noteworthy addition to 2.1.10 is Tor support.  To enable this,
  simply add the following to your dirmngr.conf file:

  ,----
  | use-tor
  | keyserver hkp://jirk5u4osbsr34t5.onion
  `----

  (`hkp://jirk5u4osbsr34t5.onion' is the .onion address for [SKS
  Keyserver Pool].)  Note: for this to work, you'll need to be running
  Tor.  On Debian, you just need to install the Tor package; there is
  nothing more to configure.

  2.1.10 also includes a number of small additions.  It is now possible
  to use `--default-key' multiple times and GnuPG will use the last key
  that is available for signing (this is good when using a configuration
  file shared among multiple hosts).  `--encrypt-to-default-key'
  causes all messages to also be encrypted to the key specified in
  `--default-key'.  `--unwrap' will strip an OpenPGP message of its
  encryption layer (and everything outside of it).  Since most
  messages are signed and then encrypted, this preserves the signature
  (unlike `--decrypt').  `--only-sign-text-ids' causes `--sign' to not
  sign photo IDs.

  In 2.1.10, Neal added code to detect ambiguous key specifications.
  This code proved to be incomplete and has since been removed from git.
  Given that it will take some time to ensure that the code is stable,
  this feature will return in 2.3.x.  (2.2 is planned for the beginning
  of 2016.)

  2.1.10 also includes a number of bug fixes for dirmngr.  In
  particular, there was a bug that prevented fetching a large number of
  keys over TLS streams.

  Both 2.1.10 and 1.4.20 include support for the new `--weak-digest'
  option, which can be used to explicitly mark a digest as deprecated.
  (You should consider doing this for SHA-1, which is no longer
  considered safe.)

  Andre published [version 2.3.0 of gpg4win].  He's also been working on
  GpgOL (a GnuPG plug-in for Outlook).  The latest test version includes
  support for sending PGP/MIME mails.  If you are interested in helping
  to test it, read the [wiki] and follow the [gpg4win-devel mailing
  list] for details.

  Jussi has continued 
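
Added example, not part of the news posting and not GnuPG's implementation: a minimal Python model of the TOFU check described in section 1.3 above, which remembers the first key seen for an identity and flags any later change of that binding. The class and function names, the addresses and the placeholder fingerprints are constructed for illustration.

```python
FIRST_USE, CONSISTENT, CONFLICT = "first-use", "consistent", "conflict"


class TofuStore:
    """Toy TOFU database: identity (e-mail address) -> fingerprint bound on first use."""

    def __init__(self):
        self.trusted = {}

    @staticmethod
    def _norm(identity, fingerprint):
        # Compare addresses case-insensitively and fingerprints without spacing.
        return identity.strip().lower(), fingerprint.replace(" ", "").upper()

    def observe(self, identity, fingerprint):
        """Classify the identity/key binding of one verified signature."""
        identity, fingerprint = self._norm(identity, fingerprint)
        if identity not in self.trusted:
            self.trusted[identity] = fingerprint   # nothing to compare against yet
            return FIRST_USE
        if self.trusted[identity] == fingerprint:
            return CONSISTENT
        return CONFLICT   # binding changed: left for a human to decide, never auto-accepted

    def rebind(self, identity, fingerprint):
        """Explicit user decision after checking the new key out of band."""
        identity, fingerprint = self._norm(identity, fingerprint)
        self.trusted[identity] = fingerprint


def classify_stream(events):
    """Run (identity, fingerprint) pairs through a fresh store, in order."""
    store = TofuStore()
    return [store.observe(identity, fpr) for identity, fpr in events]


# Constructed sample data: placeholder fingerprints, not real keys.
KEY_A = "AAAA" * 10
KEY_B = "BBBB" * 10
SAMPLE = [
    ("alice@example.org", KEY_A),   # first contact with this identity
    ("Alice@Example.org", KEY_A),   # same binding, different capitalisation
    ("alice@example.org", KEY_B),   # different key for a known identity
    ("bob@example.org", KEY_B),     # new identity: accepted with no history to check
]

if __name__ == "__main__":
    for event, status in zip(SAMPLE, classify_stream(SAMPLE)):
        print(status, *event)
```

The last sample event shows the limit the posting mentions: a key presented at first contact is accepted with nothing to compare it against, so only a later change of the binding is detected.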

Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'

2015-12-26 Thread Melvin Carvalho
On 24 December 2015 at 17:02, Matthias Apitz  wrote:

>
> Hello,
>
> I do not fully understand why some 4 random words like
>
> Correct, horse! Battery staple!
>
> is a better passphrase than, for example
>
> Und allein dieser Mangel und nichts anderes führte zum Tod.
>
> i.e. some phrasing which could be memorized better?
>

Might help:

https://rya.nc/cracking_cryptocurrency_brainwallets.pdf

(See slide 35)


>
> matthias
> --
> Matthias Apitz, ✉ g...@unixarea.de,  http://www.unixarea.de/  ☎
> +49-176-38902045
>