Re: pgp263iamulti06
Are there known, documented security deficiencies in it?
The CSPRNG is almost certainly broken.
PGP 2.6.3 was a DOS program, which meant it could easily get direct
access to hardware. That meant it could use the uncertainty of the
physical world as a key factor in the CSPRNG.
But ever since August 2001 and the release of Windows XP, DOS programs
no longer get direct access to hardware. Everything is abstracted away
through the Windows Hardware Abstraction Layer (HAL) or other similar
layers.
The core assumption of the PGP 2.6.3 CSPRNG ("we can use direct access
to hardware to sample entropy from the physical world") no longer holds
and hasn't been valid for more than twenty years.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Short question regarding config
What's the difference between `|--personal-cipher-preferences' and `default-preference-list'?| The former is your preferences for the traffic you generate. The latter is your advertised list of preferences that are affixed to new certificates you generate. E.g.: if you have p-c-p of CAMELLIA256, TWOFISH, AES256, you will use Camellia if your recipient supports it, Twofish if your recipient supports it but not Camellia, AES256 if your recipient supports it but neither Camellia nor Twofish, and if your recipient supports none of them you'll use 3DES (which all recipients support). If your d-p-l reads AES256, CAMELLIA256, TWOFISH, then any new certificate you generate will have a note on it telling people "I can read traffic encrypted with any of those algorithms." 99% of users will never have any need to use these options. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Short question regarding config
Hi all, What's the difference between `|--personal-cipher-preferences' and `default-preference-list'?| |What ends up in the exported keys? | | | |Thanks!| |- Mihai | ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Short question regarding config
Sorry for the formatting errors. Regards, - Mihai ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
