Re: Encryption Algorithm for GnuPG?
Procopius via Gnupg-users wrote: > What is the encryption engine for the current GnuPG. I read that it > isNIST AES. I know IDEA is proprietary so that can’t be used, is this > correct? > > If it’s NIST AES that is under the US Government? Wouldn’t that be in > danger of a US back door in the algorithm? > > Elwin NIST didn't create AES. They selected a subset of an existing block cipher, Rijndael, for use by the US government to replace the previous standard, DES. https://en.wikipedia.org/wiki/Advanced_Encryption_Standard ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: I've been hacked and now I only use a key pair on keybase.
Andrew Gallagher wrote: > For the last four years or so, I have maintained my PGP primary key > on a Tails[0] thumb drive, and my subkeys on a redundant pair of > OpenPGP smartcards. This gives me: > > a) offline storage of my master key > b) secure backup of all key material > c) convenient access using any of my existing machines > > I started developing a tool[1] to simplify the management of the > offline primary key on the Tails drive, but development has stalled. > If there is genuine interest out there, I will dedicate some more > time to it. > > [0] https://tails.boum.org > [1] https://github.com/andrewgdotcom/frith > Thanks for outlining your procedure! I will give tails a try soon, but not for PGP usage. I will go for my procedure, involving an offline Notebook and a second key (which I have now on keybase). This will give users the option, when communicating with me, that they either can choose my keybase key, which I think is a good idea from keybase, because it would allow IMHO people to travel to the U.S. without carrying a secret key with them, in case border patrol checks computers etc. and my offline key for "important" stuff, which then will be also used to sign all outgoing messages, regardless which key is used. I think it is a good procedure and in case stuff like tempest attacks etc. would came into play then it is game over, for a normal EU citizen like me. But at least it should keep hackers away from my GnuPG and box encrypted communications. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Encryption Algorithm for GnuPG?
On Sun, 2019-05-26 at 23:30 -0700, Procopius via Gnupg-users wrote: > If it’s NIST AES that is under the US Government? Wouldn’t that be in danger > of a US back door in the algorithm? > Why would them bother trying to split a backdoor in the algorithm unnoticed if it's much simpler to install it in the hardware and go straight for the unencrypted data? In fact, I'm pretty sure they would actually encourage you to use strong encryption just to let your guard down! -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Encryption Algorithm for GnuPG?
On Sun, May 26, 2019 at 11:30:18PM -0700, Procopius via Gnupg-users wrote: What is the encryption engine for the current GnuPG. There’s no single symmetric encryption algorithm. OpenPGP allows a set of algorithms: 3DES, IDEA, CAST5, AES, Blowfish, Twofish, and Camellia [1,2]. GnuPG supports all of them. I know IDEA is proprietary so that can’t be used, is this correct? All patents on IDEA have now expired and IDEA is supported by GnuPG. If it’s NIST AES that is under the US Government? Wouldn’t that be in danger of a US back door in the algorithm? Rijndael was actually designed by a team of Belgian cryptologists. NIST evaluated it amongst the other candidate ciphers of the AES competition and eventually selected it as the winner, but was not involved in its design. [3] - Damien [1] https://tools.ietf.org/html/rfc4880#section-9.2 [2] https://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13 [3] https://www.nist.gov/news-events/news/2000/10/commerce-department-announces-winner-global-information-security signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: I've been hacked and now I only use a key pair on keybase.
On 26/05/2019 15:42, Stefan Claas wrote: > murphy wrote: > > Hi murphy, > >>> ...until I have the funds to >>> buy me a new *offline* usage Notebook. >> >> Hi Stefan - I don't know your use model but you can't beat a $5 USD >> Rapsberry Pi Zero V1.3 for a cheap offline platform that can compile >> and use GnuPG 2.2.15. murphy >> > > Thanks for the info, good idea! For certain tasks I would > however prefer a small Notebook. For the last four years or so, I have maintained my PGP primary key on a Tails[0] thumb drive, and my subkeys on a redundant pair of OpenPGP smartcards. This gives me: a) offline storage of my master key b) secure backup of all key material c) convenient access using any of my existing machines I started developing a tool[1] to simplify the management of the offline primary key on the Tails drive, but development has stalled. If there is genuine interest out there, I will dedicate some more time to it. [0] https://tails.boum.org [1] https://github.com/andrewgdotcom/frith -- Andrew Gallagher signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Encryption Algorithm for GnuPG?
What is the encryption engine for the current GnuPG. I read that it isNIST AES. I know IDEA is proprietary so that can’t be used, is this correct? If it’s NIST AES that is under the US Government? Wouldn’t that be in danger of a US back door in the algorithm? Elwin Sent using Hushmail___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
