Re: get OpenPGP pubkeys authenticated using German personal ID
On 2023-05-31 16:55, Bernhard Reiter wrote:
> Governikus provides the online service for authenticating your OpenPGP key on
> behalf of the German Federal Office for Information Security (BSI). This
> online service compares the name read from your ID card, your electronic
> residence permit or eID card for citizens of the European Union with the name
> specified in your OpenPGP key. If the names match, your public key is
> electronically signed by Governikus, confirming the match.

Considering the persistent attempts of the EU to scan all encrypted communication, would you think it is wise to prove to one of the governments pushing this which key is yours? GnuPG encrypted mail can be analyzed to see what the receiver's keyID is, so using such a key with another mail address would inform any snooper that it is yours.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ADK's
On 2023-04-30 21:01, Ineiev via Gnupg-users wrote:
>> All I want is an option to ignore adk's - and it should not claim
>> anything else than that.
>
> Can't you remove ADK subkeys from your keyring?

On someone else's key?

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: ADK's
On 2023-04-30 16:54, Andrew Gallagher via Gnupg-users wrote:
>> That might be, but it is nowhere certain that this escrow will happen,
>> especially if they roll out adk's.
>
> You’re inverting the burden of proof here. The important consideration is
> that E2E can’t prove that a key *wasn’t* escrowed - so it’s much better for
> the software to make no claims about it than potentially misleading ones.

There is also no strict proof that the employer doesn't have access to the personal key of the receiver.

All I want is an option to ignore adk's - and it should not claim anything else than that.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: ADK's
On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote:
> E2E encryption can’t protect you from your correspondent disclosing your
> communication at the other end.

That is obvious.

> Whether this is done voluntarily or under duress from their employer is an
> opsec issue, not a comsec one.

If it is an ex-employer that might be more complicated.

> The danger of an “ignore ADK” option is that it gives a false sense of
> security. It is already possible for an employer to require escrow of the
> decryption subkeys of their employees - ADK actually makes this process more
> transparent.

That might be, but it is nowhere certain that this escrow will happen, especially if they roll out adk's. Not providing such an option might be a case where the perfect is the enemy of the good: it might not be a perfect solution but it can be better than the alternative.

Besides, this is begging for GnuPG forks to arise, and whether those forks are well implemented remains to be seen.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: ADK's
On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote:
> It does not make any sense to have such an option. If a user wants to
> allow colleagues or an archive system to decrypt her mails that is her
> decision.

What I've had in practice in one company: you got a company key with a personal key and an adk added. Nothing to want from my part there. If I want to mail someone at such a company I may just want to ignore the adk.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
On 2023-04-30 13:22, Andrew Gallagher via Gnupg-users wrote:
> Just curious, what’s the threat scenario here?

The HR department of the receiver.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
On 2023-04-30 1:15, ckeader via Gnupg-users wrote:
> Can't call it that as long as it's under user control (every long option of
> the software has an equivalent config file option. You don't add such a key
> via config or command line, no adsk will happen as it's not configured).

On my key, yes, I can choose to add an adk or not of course. But suppose I want to encrypt to a key that has an adk added, but I only want to encrypt to that key and not to the added adk? How do I do that?

> If you're using gpg built by your org, you have no trustworthy environment
> anyway.

Probably, but when I answer a mail from home with my own GnuPG I want to be able to ignore adk's.

> And the feature needs to be supported by the client.

You, currently I run gpg 2.2 so it's not of immediate concern. But when I eventually upgrade I want to be able to ignore adk's.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: [Announce] GnuPG 2.4.1 released
I get a 404 not found, the last version present on the server is 2.4.0.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
ADK's (was: [Announce] GnuPG 2.4.1 released)
On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote:
> * gpg: New command --quick-add-adsk and other ADSK features.
> [T6395, https://gnupg.org/blog/20230321-adsk.html]

So you finally caved in to the backdoor demands. What I'm missing (maybe I just didn't find it?) is an option in my config file to ignore adk requests and just not encrypt to those keys as well when I send or reply to a message.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Error importing fetching key from wkd
On 2022-05-28 20:29, Werner Koch via Gnupg-users wrote:
> Note the Brainpool curves. Seems that Redhat still patches them out of
> libgcrypt.

Why do they do that? BTW, when I search for brainpool I only find definitions and RFC's, I seem unable to find why they are needed (or why they would be preferred) over other curves.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Backing up your PGP key by hand
On 2022-05-25 22:22, Francesco Ariis wrote:
> Paper was first made in the Chinese Empire, around two millennia ago

I see that that was indeed considered what we call paper today, unlike the ancient Egyptian papyrus.

> Sheets made with high quality pulp survived to this day.

Some sheets survive. I'm sure some CDR's and some USB sticks will also survive for many centuries, but most probably won't.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Backing up your PGP key by hand
On 2022-05-23 5:01, Stuart Longland via Gnupg-users wrote:
> On the other hand, there are paper recordings that have lasted millennia.

Since paper as we know it today hasn't even existed that long, that can't be true. Maybe you are pointing to the few surviving papyrus texts? Most have not survived.

If you really care about such long preservation, carving the key into stone or baking it into a clay tablet are the only known methods that can reliably store data for so long (also because other methods haven't existed for so long). Even if the USB stick lasts for millennia, there may not be a reader for it around at that time.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Preventing public key upload to key-servers
On 31-01-2022 18:11, Andrew Gallagher via Gnupg-users wrote:
> This is incorrect. All three of the commonly-used HKP servers can remove
> keys; this has been done for years to remove poison (i.e. oversized)
> keys that cause DoS. However doing so comes with costs.

Yes, that was the issue that I know about. I seem to have mistaken HKP for SKS.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: First Amendment and Marines?
On 29-01-2022 18:58, Robert J. Hansen via Gnupg-users wrote:
> But if you're an American without EU ties, the GDPR is yet another piece
> of foreign legislation we don't need to pay attention to. And when
> Europeans baldly say "the GDPR applies worldwide, you must follow it,"
> what we hear is "the EU overrides your silly Constitution."

However, the opposite also occurs: some US companies appear to be shocked when I, as a European without any ties to the US, claim I won't comply with a DMCA request because we don't have such a law here.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Preventing public key upload to key-servers
On 29-01-2022 4:43, jonkomer via Gnupg-users wrote:
>> When the keyserver operator operates outside
>> of the EU I don't think that is a legal problem.
> If an individual that requests his personal information is
> removed (i.e., the "right to be forgotten") is EU resident,
> GDPR applies regardless of the jurisdiction in which the
> information server is located.

That's what the EU claims. Other countries can value that opinion just as much as some other countries that want people convicted outside their borders for insulting Dear Leader. If the EU isn't ready to use the ultimate law (might makes right) then it's just a dead letter.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Preventing public key upload to key-servers
On 28-01-2022 21:02, jonkomer via Gnupg-users wrote:
> How do individual key-server owner/operators react to
> formal GDPR "forget me" requests; either by e-mail users, or
> by mail domain owners? Any known legal precedents?

There are known technical issues: the HKP keyserver does not allow keys to be removed, GDPR or not. When the keyserver operator operates outside of the EU I don't think that is a legal problem.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: pgp263iamulti06
On 23-01-2022 21:23, Robert J. Hansen via Gnupg-users wrote:
> No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard
> interrupts harvested directly from the hardware to get a collection of
> random bits which it then fed into the CSPRNG to be expanded out into a
> large quantity of randomish bits.

Is this also used when generating symmetric keys? Or only used by secret key generation? If the latter is the case, then existing keys generated on DOS (or Linux?) might be safe (apart from a possibly short key length).

BTW, I remember I compiled 2.6.3ia with Visual Studio 5 on Windows 95 and that was easy (just put all C files in a new project and build it). The added advantage was that I got long filename support without any code changes. I assume that it would work the same for the multi versions although I never tried, none of my contacts used those.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Side-channel attacks
On 18-01-2022 17:23, Robert J. Hansen via Gnupg-users wrote:
>> 1.4 should be able to decrypt all 2.6 generated data.
>
> Not from the Disastry builds, which extended 2.6 to support newer
> algorithms.

Lucky for me I never used that version, as I never respected the copyright of the RSA and IDEA algorithms (questionable in Europe anyway).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Side-channel attacks
On 18-01-2022 15:54, Robert J. Hansen via Gnupg-users wrote:
>> Well, a bit more respect for backwards compatibility would help a lot
>> with that. Now I'm forced to keep a 1.4 and pgp 2.6 version installed
>> just to be able to read all my old data. Some people just refuse to
>> update to versions that routinely break backwards compatibility.
>
> You've had literally 27 years to migrate your data. I have zero sympathy.

Migrate? That data is in my mail archive. While it would be possible for me to write a program to scan the mail file for pgp blocks, check which pgp version is used, decrypt the data, re-encrypt it with a modern gpg version and replace that text block, it would still lose information about dates and signatures. Those who are confined to mail clients that use binary file formats (read: Outlook) don't have that option unless you know a way to do that in .pst files. How I can do that with mail located at my provider, who probably does not give me write access to the raw mailbox file, is also a mystery to me.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Side-channel attacks
On 17-01-2022 0:09, Robert J. Hansen via Gnupg-users wrote:
> I was asked for help with something in the 1.2 series (!!). Without
> exception, our first response is usually "for the love of God, upgrade!"
>
> They rarely do. It's worked fine for them for a decade or more, and
> they're not going to change...

Well, a bit more respect for backwards compatibility would help a lot with that. Now I'm forced to keep a 1.4 and pgp 2.6 version installed just to be able to read all my old data. Some people just refuse to update to versions that routinely break backwards compatibility.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: [Announce] GnuPG 2.2.31 (LTS) released
On 16-09-2021 12:27, Werner Koch wrote:
> https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.31_202109.exe.sig

The signature file can't be found.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Call me crazy, but ...
On 14-07-2021 19:32, Стефан Васильев via Gnupg-users wrote:
> from trusted EU sources,

We may have a different idea about "trusted". There are enough fake official ID's, like the ones undercover police use.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Call me crazy, but ...
On 14-07-2021 15:41, Brandon Anderson via Gnupg-users wrote:
> What exactly stops me, a person wanting to impersonate that user, from
> putting the same QR-Code I got from that public key into my own keypair?

Nothing. This latest EU implementation of a social credit system is intended to be used with an offline ID card.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Big curiosity
On 13-06-2021 16:06, knighttemplar5--- via Gnupg-users wrote:
> I have been contemplating subscribing to an email forwarding service
> that will encrypt all the forwarded mails to me with my public key.
> Lets imagine the country where the forwarding takes place can see all my
> emails in plain text and at the same time the same emails PGP encrypted,
> can enough of this data pose a threat to my private key?

What you describe is known in cryptography as a known-plaintext attack. It can happen in a less obvious way. For example I remember the old WordPerfect 5 for DOS that had the option to encrypt its files. It did that by XORing the entire file with your password. However, because the first few bytes of a WP file were always the same it was trivial to deduce the password from a file that was encrypted with this method. So XOR is vulnerable to a known-plaintext attack. However, since this is a well-known attack (it was already used against the German Enigma code in WW2), all modern encryption algorithms are tested against this and will certainly not be put in GnuPG if they are vulnerable to it.

So, in short, the answer to your question is "no, it is not a threat".

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
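As an added illustration of the WordPerfect-style weakness described in the post above (this is not code from the thread; the header bytes, password and message are constructed), the following toy model shows how a fixed file header acts as known plaintext against repeating-key XOR, and why the header must be longer than the password before the recovered password can be trusted:

```python
"""Why 'XOR the file with the password' falls to a known-plaintext attack.

Toy model of the scheme described in the post: every file starts with the
same fixed header, and the whole file is XORed with the password repeated
to the file length.  The header is the known plaintext; XORing it with the
ciphertext gives the keystream, and the keystream's repetition reveals the
password.  The header bytes and messages below are constructed.
"""
from itertools import cycle

# Constructed stand-in for a fixed file header (the known plaintext).
HEADER = b"\xffWPC\x00\x00\x00\x00"


def xor_with_password(data: bytes, password: bytes) -> bytes:
    """The weak scheme: repeating-key XOR; encryption and decryption coincide."""
    return bytes(b ^ k for b, k in zip(data, cycle(password)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """C = P xor K, so K = C xor P wherever P is known."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def shortest_period(stream: bytes) -> bytes:
    """Smallest repeating unit consistent with every byte of the stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


def recover_password(ciphertext: bytes, known_header: bytes) -> tuple:
    """Return (candidate, confirmed).  'confirmed' is True only when the
    known header is longer than the candidate, i.e. the repetition was
    actually observed rather than assumed; a password longer than the
    header cannot be pinned down from the header alone."""
    keystream = recover_keystream(ciphertext, known_header)
    candidate = shortest_period(keystream)
    return candidate, len(keystream) > len(candidate)


def break_file(ciphertext: bytes, known_header: bytes):
    """Recover the password from the header and decrypt the whole file,
    or return None when the header does not determine the password."""
    candidate, confirmed = recover_password(ciphertext, known_header)
    if not confirmed:
        return None
    return xor_with_password(ciphertext, candidate)


if __name__ == "__main__":
    body = b"Dear Bob, the meeting has moved to noon on Friday."
    encrypted = xor_with_password(HEADER + body, b"secret")
    print(recover_password(encrypted, HEADER))      # (b'secret', True)
    print(break_file(encrypted, HEADER))
    # A password longer than the header is not determined by the header.
    encrypted2 = xor_with_password(HEADER + body, b"longpassword")
    print(recover_password(encrypted2, HEADER))     # (b'longpass', False)
```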
Re: How would you do that ...
On 03-05-2021 15:39, Robert J. Hansen via Gnupg-users wrote:
> and gave her drives a low-level format.

I remember from the stone age (end 1980's, begin 90's) that you could low-level format a disk with the DOS command debug by calling some BIOS routine via assembler routines. Modern harddisks don't allow that anymore. Should I assume that "low-level format" in this case means something like

dd if=/dev/zero of=/dev/sdX

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: We shall value email usage
On 01-04-2021 17:54, Stefan Vasilev via Gnupg-users wrote:
> Fax is faster than email and arrives, while email delivery to a
> recipient can not

Only if the recipient has a landline that can always pick up the fax call. A more and more uncommon situation. I don't have a landline anymore, no use for it.

> many users. Third assuming households have multi-purpose printers too
> they can simply scan the Fax for further processing.

What a waste of paper and expensive ink. And I don't have a (functioning) printer anyway, why would I? I can read everything on screen. Maybe RMS might do something like that but while I support him in the current witch hunt I'm not as strict as he is about using modern hardware. Killing some Google services like the advertising id on my phone and blocking ads is as far as I go.

>> Why limit yourself with expensive special purpose hardware that has far
>> less options than the current?
> Why not, this product is available and does not limit Internet users to
> do other thing besides encrypted Fax usage.

Why buy expensive special purpose hardware for only that use case?

> No, Signal is an easy to monitor smartphone tool needing a server with
> registered users, while

Not really easy to monitor, not since they implemented "sealed sender" so the server only knows the receiver, not the sender.

> PGPfone was a Computer usage only tool, for direct and secure comms,
> between two endpoints,

Who both had to synchronize being online at the same time. That might have been acceptable 20 years ago but not now.

> without server usage. Dialing was done from IP address to IP address and
> verified with the included PGP wordlist.

That might cause problems now that most people have dynamic IP addresses.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: We shall value email usage
On 31-03-2021 22:28, Stefan Vasilev via Gnupg-users wrote:
> Hopefully the Industry will take a look at affordable hardware based
> encrypted Fax comms for

Fax? To get the information on paper? In 2021? Why?

> Hardware based AES/DH crypto phones (no smartphones) would be a welcome
> addition too.

Why limit yourself with expensive special purpose hardware that has far less options than the current?

> Or that the OpenPGP community revives PGPfone, for free Internet calls,
> at least ...

I think Signal has already stepped into that niche.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: So long, and thanks for all the fish.
On 23-03-2021 6:59, Robert J. Hansen via Gnupg-users wrote:
> Last year when the FSF removed him from the Board of Directors, I
> welcomed the news. I hoped the FSF would appoint better leaders. They
> did not: instead, they've reappointed him to the board.

Excellent news, finally a case where cancel culture has been overruled. That was about time in the current McCarthyism-like culture in the US, where "communist" is replaced by "non-woke".

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: On future of GnuPG
On 05-01-2021 23:07, Robert J. Hansen via Gnupg-users wrote:

As always, it probably depends on who you have the most to fear from: your government, corporations, or maybe someone else?

> In Europe it's a lot different. There, the prevailing culture cares a
> lot more about limiting the ability of businesses to learn things about
> a person than with limiting the ability of governments.

That is changing. Now that governments are outsourcing censorship to corporations in their struggle against unwelcome news (these days they often call that "fake news" or "Russian propaganda") and voices are getting stronger to censor unwelcome messages directly, recently enhanced by protests against the covid measures, protection against the government is getting more important in Europe as well. But that is not yet much reflected in actual policies being made, mainly because those policies are made by the very people we need protection against.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Thunderbird / Enigmail / Autocrypt
On 23-11-2020 7:08, Matthias Apitz wrote:
> Since ages human read mails in ASCII or UTF-8 text. Why you think this
> is not a "human readable format"?

Sure, hand crafted html in a text reader is human readable. But the html that is vomited by Outlook is not (unless you are a very experienced web developer).

> HTML as e-mail (read carefully: as email, not as attachment) should be
> forbidden because most MUA automatically fetch additional remote content
> which violates privacy and can fetch bad content into your system.

Fortunately Thunderbird does not do that by default. But you can select trusted domains for which it does if you like.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Thunderbird / Enigmail / Autocrypt
On 22-11-2020 12:38, Juergen Bruckner via Gnupg-users wrote:
> I don't understand why HTML in e-Mails is so important for some people.

I agree on a personal level, but if you use your email also to communicate with business users (usually using Outlook) it would be nice to get their mails in a human readable format. Which requires, unfortunately, usually html.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Why is Blowfish's key size limited to 128 bits in RFC 4880?
On 13-10-2020 16:46, Dieter Frye wrote:
> Now if any of this remains true today, I cannot tell (I did the research a
> number of years ago so it's possible something changed along the way), but
> even if not, it would still make sense to me to allow for greater (or
> better yet, full) key size to be utilized specially for situations when
> performance is extremely critical and something like Twofish just won't
> do.

Be careful though, there are ciphers known where extra keybits don't increase security. Whether there are situations where they actually reduce security I don't know, but the cipher would have to be re-investigated after such a change. Having said that, 128 bits is really enough, 256 is overkill "just because we can".

> As for AES, while there doesn't seem to be anything fundamentally wrong
> with it, the fact that it was pushed so extensively by the powers that be
> and the fact that it's considerably easier on the hardware (as compared to
> say, Twofish), makes it a candidate for large-scale, targeted
> cryptanalysis, so I wouldn't put it past me that the NSA's onto something
> already.

Brute-forcing a 128 bit keyspace and certainly a 256 bit one is still limited by the laws of physics, like in:
- It takes more time than the age of the universe,
- It requires more energy than the stars in the Milky Way emit during their life,
- If you try to seriously parallelize it, there is not enough matter in the known universe to build all those computers.

As long as the above are the limits I feel secure enough with the keysize. Quantum computers with enough qubits typically reduce the workload to brute force symmetric ciphers by a factor of a square root, so for those 256 bits is sufficient. But then the public keys become the weak point, the short-keyed elliptic curve algorithms long before RSA and Elgamal (but when elliptic curve gets into trouble you know it's only a matter of time before the others will be too, so they do need replacement then).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Brace yourself: User-friendly but broken OpenPGP is here
I wrote:
> It would be nice if GnuPG implemented an override option to use this key
> for decryption anyway.

Sorry, I see from Vincent's mail that GnuPG already does this but it might be the keycard that is causing this.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Brace yourself: User-friendly but broken OpenPGP is here
On 29-08-2020 16:17, Sheogorath via Gnupg-users wrote:
> A closer
> inspection of the key ID showed that it was encrypted with my master
> key. A key that is not marked to be used for encryption.

It would be nice if GnuPG implemented an override option to use this key for decryption anyway. The alternative is that people will fall back to unencrypted mail.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Password Decript GPG public key
On 24-08-2020 8:08, Guille De La Torre via Gnupg-users wrote:
> Hello good evening, is it possible to create a key for symmetric
> encryption in such a way that the person who has my public key does not
> need to enter a password? to decrypt.

The receiver uses your public key only to encrypt and verify. If you send him encrypted mail you need HIS public key to encrypt the message, and the receiver needs his secret key to decrypt it. Whether the receiver protects his secret key with a password is something you have no influence over.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: In case you use OpenPGP on a smartphone ...
On 19-08-2020 23:28, Ingo Klöcker wrote:
> We need to stop calling such rubbish "theories". Better call it "conspiracy
> myths" or "conspiracy tales" or "conspiracy stories" or anything else that
> makes it clear that (unlike scientific theories) it is not supported by facts.

You mean like the conspiracy myth that the NSA was eavesdropping on everyone, whether they were allowed to or not? Yes, that was not supported by facts (before the Snowden revelations) so it must have been utter rubbish.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: In case you use OpenPGP on a smartphone ...
On 11-08-2020 21:49, vedaal via Gnupg-users wrote:
> There is already a simple existing solution.

Simple is not how I see this.

> [1] Encrypt and decrypt on a computer that has internet hardware disabled.
> [2] Use an Orbic Journey V phone that gets and sends *only text*
> [3] Use a microsd expansion card on the orbis phone

The Iranians thought this too. And then someone invents Stuxnet-like attack software.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: In case you use OpenPGP on a smartphone ...
On 11-08-2020 17:18, Stefan Claas wrote:
>> Why hardware? If a bug is found you can't upgrade it easily.
>
> Because hardware can't be tampered with like software.

If a hardware bug is found you're still lost. Even Apple has found out the hard way.

>> On mobile, encrypted messengers are the norm. WhatsApp is the biggest,
>> and it uses Signal's encryption algorithm which is excellent.
>
> And you think that continuing with those is a good practice since
> Mr Snowden's YouTube Video was released?

It is a risk, but not a bigger risk than someone taking over your pc or laptop. Signal and GnuPG are both defenseless against that.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: In case you use OpenPGP on a smartphone ...
On 11-08-2020 11:39, Stefan Claas wrote:
> Based on my proposal, I would like to see in the future (OpenSource)
> *hardware* based encryption products, for at least voice comms, which
> is affordable for the majority of us and easy to use, so that people
> do not need to use good old email encryption for important things,
> on a mobile device.

Why hardware? If a bug is found you can't upgrade it easily.

On mobile, encrypted messengers are the norm. WhatsApp is the biggest, and it uses Signal's encryption algorithm which is excellent.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Newbie question.
On 28-07-2020 14:42, Ralph Seichter via Gnupg-users wrote:
> confused with facts. The amount of BS that can be found on Wikipedia is
> case in point.

Do you have examples of this for security related subjects? I know there are issues with politically sensitive subjects but that usually has other reasons.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Protecting encryption server
On 28-07-2020 14:12, Robert J. Hansen wrote:
> You can't. There is little to no defense possible against a trusted insider that's gone rogue. The best you can do is to vet your people carefully and, in the event of treachery, to use whatever legal means are available to dissuade future treachery.

Recent real world examples: Encrochat, Ironchat, Enetcomm. In some cases the operators became traitors, and I doubt that legal actions are very high on their threat list considering the kind of customers they served. Some of them will probably die suddenly of lead poisoning.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: decrypt aes256 encrypted file without gpg-agent
On 30-06-2020 12:10, Werner Koch via Gnupg-users wrote:
>> Do not break backwards compatibility if you want all people to upgrade.
>
> Do not update so that the bad guys can exploit your legacy software ;-)
>
> There are well documented reasons why we don't support MDC and PGP3 keys anymore - it was complex to support and virtually impossible to make sure that the message has not been tampered with.

Not supporting encryption anymore I can understand, but by removing decryption ability, which makes old mail archives unusable, you can't realistically expect people to abandon 1.4 completely.

Complex, nah, you can always put the v3 key code in a separate set of functions that are called when a v3 header is detected. Maybe not the cleanest design but for code that is probably not going to see any changes it would work.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
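The "separate set of functions called when a v3 header is detected" design from the message above, as an added example that is not GnuPG code: it reads an OpenPGP packet header and the leading fields of a public-key packet as laid out in RFC 4880 and routes legacy v3 bodies and v4 bodies to distinct handlers. The two sample packets at the bottom are constructed for this example, and the RSA numbers in them are toy values, not a real key.

```python
"""Dispatch OpenPGP public-key packets on their version byte (added example)."""
import hashlib
import struct

PUBLIC_KEY_TAG = 6


def parse_packet_header(buf: bytes) -> tuple:
    """Return (tag, body_offset, body_length) for the packet starting at buf[0]."""
    first = buf[0]
    if not first & 0x80:
        raise ValueError("bit 7 of the first octet must be set")
    if first & 0x40:  # new-format header (RFC 4880 section 4.2.2)
        tag = first & 0x3F
        b1 = buf[1]
        if b1 < 192:
            return tag, 2, b1
        if b1 < 224:
            return tag, 3, ((b1 - 192) << 8) + buf[2] + 192
        if b1 == 255:
            return tag, 6, struct.unpack(">I", buf[2:6])[0]
        raise ValueError("partial body lengths are not handled here")
    # old-format header (RFC 4880 section 4.2.1): 2-bit length type
    tag = (first & 0x3C) >> 2
    length_type = first & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length is not handled here")
    nbytes = 1 << length_type  # 1, 2 or 4 length octets
    return tag, 1 + nbytes, int.from_bytes(buf[1:1 + nbytes], "big")


def read_mpis(body: bytes, offset: int) -> list:
    """Read consecutive MPIs: 2-octet bit count, then big-endian magnitude."""
    mpis = []
    while offset < len(body):
        bits = struct.unpack(">H", body[offset:offset + 2])[0]
        nbytes = (bits + 7) // 8
        mpis.append(int.from_bytes(body[offset + 2:offset + 2 + nbytes], "big"))
        offset += 2 + nbytes
    return mpis


def parse_v3_key(body: bytes) -> dict:
    """Legacy v3 body: version, 4-octet time, 2-octet validity days, algo, MPIs."""
    created, days_valid, algo = struct.unpack(">IHB", body[1:8])
    mpis = read_mpis(body, 8)
    # v3 key IDs are the low 64 bits of the RSA modulus (RFC 4880 section 12.2).
    key_id = f"{mpis[0] & ((1 << 64) - 1):016X}"
    return {"version": 3, "created": created, "days_valid": days_valid,
            "algo": algo, "mpis": mpis, "key_id": key_id}


def parse_v4_key(body: bytes) -> dict:
    """Modern v4 body: version, 4-octet time, algo, MPIs; fingerprint is SHA-1."""
    created, algo = struct.unpack(">IB", body[1:6])
    mpis = read_mpis(body, 6)
    # v4 fingerprint: SHA-1 over 0x99, a 2-octet body length and the body.
    fp = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {"version": 4, "created": created, "algo": algo, "mpis": mpis,
            "fingerprint": fp, "key_id": fp[-16:]}


def parse_public_key_packet(buf: bytes) -> dict:
    """Route a public-key packet to the handler for its version byte."""
    tag, start, length = parse_packet_header(buf)
    if tag != PUBLIC_KEY_TAG:
        raise ValueError(f"expected public-key packet (tag 6), got tag {tag}")
    body = buf[start:start + length]
    handlers = {3: parse_v3_key, 4: parse_v4_key}  # legacy code kept apart
    if body[0] not in handlers:
        raise ValueError(f"unsupported key packet version {body[0]}")
    return handlers[body[0]](body)


# Constructed sample packets: old-format header, toy RSA values n=0x010001, e=3.
MPIS = bytes.fromhex("0011010001") + bytes.fromhex("000203")
V4_PACKET = bytes([0x98, 14, 0x04]) + struct.pack(">I", 0x5E000000) + b"\x01" + MPIS
V3_PACKET = bytes([0x98, 16, 0x03]) + struct.pack(">IH", 0x2A000000, 0) + b"\x01" + MPIS

if __name__ == "__main__":
    for packet in (V3_PACKET, V4_PACKET):
        print(parse_public_key_packet(packet))
```

The v3 handler only needs to be touched if the legacy format changes, which it will not, so isolating it keeps the rarely exercised path out of the modern parser, the point made in the thread.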
Re: decrypt aes256 encrypted file without gpg-agent
On 29-06-2020 19:40, Werner Koch via Gnupg-users wrote:
> Do not use 1.4 unless you have to decrypt old non-MDC protected data or data encrypted to a legacy v3 key.

Do not break backwards compatibility if you want all people to upgrade.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: keys require a user-id
On 18-05-2020 18:16, Robert J. Hansen wrote:
> Instead of spending 30 minutes talking about why it's okay if public certificates are shared, we could instead just say "we're not going to share your public key with anyone without your written consent" and spend those 30 minutes talking about more productive things.

Which might be a good thing for those customers, the fact alone that someone is a customer of a certain law firm might be sensitive information in some cases.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: keys require a user-id
On 16-05-2020 17:56, Robert J. Hansen wrote:
> I tell them, "I will not be able to use OpenPGP with you until such time as your UID conforms to the standard."

You confuse "not being able to" with "not willing to".

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: keys require a user-id
On 16-05-2020 15:57, Peter Pentchev wrote:
> But it is also fine for other people to say "okay, sure, you have your experimental features, but I'll wait until they're standardized until I do the work on implementing them myself; also, let's discuss whether they are even needed."

Have the bureaucrats who define standards finally fixed the DoS issues about keys spammed with signatures, or is it still being "discussed whether they are even needed"?

This strictly following standards removes all flexibility from implementations. I am beginning to understand Moxie Marlinspike's ideas about all these committees holding back progress better and better.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Comparison of RSA vs elliptical keys
On 12-05-2020 17:04, Sylvain Besençon via Gnupg-users wrote:
>> Probably not. The future is elliptical-curve cryptography, which will bring a level of safety comparable to RSA-16384.

Yes, if attacked by classical computers.

> However, I would be interested to know which ECC cipher would you recommend to replace RSA.

None at all. I'd say probably one of these: https://en.wikipedia.org/wiki/Post-quantum_cryptography but I am no expert.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Comparison of RSA vs elliptical keys
On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote:
> For example, a 256 bit elliptic curve key has a similar strength to a symmetric key of 128 bits.

Until, of course, a working quantum computer with more than a few qubits is constructed. Then ECC is much more vulnerable than RSA or ElGamal due to its smaller keysize (of course once a 256 bit quantum computer gets constructed I would also worry about 8192 bit RSA being vulnerable too in the very near future).

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Maybe a good date to create a new key pair ...
On 02-02-2020 13:35, Stefan Claas via Gnupg-users wrote:
> today is Palindrome-Day!

You can always set your computer's clock to a different date if you like a specific creation date of course.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: gpg-agent relocation error
On 11-12-2019 22:12, Ajax via Gnupg-users wrote:
> The command: gpg-agent --version gives me the following output:
>
> /---
> gpg-agent: relocation error: gpg-agent: symbol assuan_sock_set_system_hooks, version LIBASSUAN_1.0 not defined in file libassuan.so.0 with link time referencel
> \---
>
> libassuan.so.0 is linked to libassuan.so.0.8.3.

That's quite an ancient version, current version is 2.5.3. My first guess is to upgrade libassuan.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: FAQ: seeking consensus
On 17-10-2019 21:18, Robert J. Hansen wrote:
> 1. How should we handle the SKS keyserver attacks?
>
> One school of thought says "SKS is tremendously diminished as a resource, because using it can wedge older GnuPG installations and we can't make people upgrade. We should recommend people use other methods than SKS." If you think this is correct, please let me know what you think the alternate method should be.
>
> Another says, "with a recent GnuPG release SKS may be used productively and we should keep the current advice."

I'd say split it: if there are reasons to use gpg 1.4 for compatibility or other reasons, don't use sks. If you're using gpg 2.2.17 or newer, you can use it. The people who knowingly use 1.4 will know they're in that category.

> "Your existing RSA-2048 keys are fine, you don't need to take any action"

Yet. Please look again in 5 years (estimate is till 2030 but some unexpected attack might appear).

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Future OpenPGP Support in Thunderbird
On 16-10-2019 17:37, Binarus wrote:
> - either in understanding the APIs and command line parameters of a library / utility, and to keep up with changes, or
>
> - in re-inventing the wheel, which in this case for sure will cost much more time and eventually produce catastrophic security breaches and software which is drastically inferior compared to what we have now.

There is a 3rd option: build the library (open source anyway) and build it directly into the product. That has the advantage of using existing, tested code, allows you to dump a lot of complexity for unused edge cases and prevents the problems with different library versions with changes between versions.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Android
On 16-10-2019 13:02, Daniel Bossert wrote:
> Is anybody using pgp on Android? I did some years ago, would like to, but am afraid of security reason.

I use APG for old pgp 2.x keys and OpenKeyChain integrated in k9 mail for modern keys. The secret keys are protected by a password, that's my key protection. When I lose my phone, or when it gets stolen or confiscated, I'll revoke the key and create a new one.

I don't believe anyone can protect a file on a phone against a skilled forensics lab. Even the best protected mobiles get cracked eventually (see the recent bootrom exploit in almost all iPhones for example).

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: PGP Key Poisoner
On 14-08-2019 11:38, Alessandro Vesely via Gnupg-users wrote:
> Of course, anonymous key poisoning is a kind of gratuitous vandalism. Yet, crypto is supposed to work in a hostile environment.

But this is only an extreme form of what an old keyserver already did: it issued (I believe every 6 months) a new signature. Arguments about DoS attacks were already given then.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: "right to be forgotten" nonsense
On 16-01-2018 15:16, Phil Susi wrote:
> There isn't merit. It became public, not private, the moment you published it. I have the right to free speech, the EU be damned. Are these numbnuts going to demand that libraries black out newspaper articles on microfilm because they mention someone that doesn't like the coverage of themselves?

No, they will "only" try to make it hard for anyone to find that article. Not that I agree with it but that's the intended scope.

> Sure, I molested children 5 years ago, but I have the "right to be forgotten" so when anyone searches for my name on the Internet they won't find out. Give me a break.

Using this right to wipe published convictions is explicitly stated as a reason to refuse the right to be forgotten. The same for some other issues, like public statements of politicians.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: SHA1 depreciation ??
On 28-06-2017 19:35, Joshua Hudson wrote:
> I found out it's really hard to make a key that doesn't say "Digest: ... SHA1" in its attributes.

Probably because RFC-4880 states that "Implementations MUST implement DSA for signatures", and DSA used to be SHA1 only. I'm not sure if SHA2 can already be used, and even less sure if implementations without SHA1 are conforming to the standard.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: [Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526
On 04-07-2017 18:30, Werner Koch wrote:
>> Is 1.4 vulnerable to this attack as well? I know it does not use libgcrypt but I'm not sure about the vulnerability.
>
> Maybe. And probably also to a lot of other local side channel attacks.

Is that going to be fixed, or is 1.4 now really considered EOL?

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: [Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526
On 29-06-2017 9:28, Werner Koch wrote:
> The GnuPG Project is pleased to announce the availability of Libgcrypt version 1.7.8. This release fixes a local side-channel attack.

Is 1.4 vulnerable to this attack as well? I know it does not use libgcrypt but I'm not sure about the vulnerability.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: I think that's a false dichotomy
On 05-09-2016 0:45, Robert J. Hansen wrote:
>> Do I smell a little bit of a Stockholm syndrome here?
>
> The Stockholm syndrome is half-pop science and half-real.

I know what it is. You have obviously worked too much with those forces in law enforcement that prefer that citizens can't keep any secrets from them, and you are beginning to sympathise with them.

> So what you've just done is accused me of emotionally bonding with some of the worst evil in humanity.

I'm not _that_ fond of the police, but I would not yet call them "some of the worst evil in humanity".

> You've been added to my killfile. We won't be speaking again.

Long toes, eh? Fine with me, bye.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: I think that's a false dichotomy
On 04-09-2016 3:05, Robert J. Hansen wrote:
> Now, of course I don't want the civil authorities to have legislatively-mandated back doors into every system. I don't think that's an appropriate solution. But I do believe the civil authorities need appropriate mechanisms to pursue their lawful ends (and effective oversight systems to ensure they're being used lawfully).

In case of decent encryption, a backdoor is the only way to achieve that. If the police stand at my door with a warrant, I have the right to deny them entrance. However, if I do they will kick my door in. They can confiscate my encrypted files too, but without my help they can't get in. Same situation, different outcome.

> I'm transitioning out of my job, where for the last eight years I've been doing research and development into digital forensics, mostly for government customers.

Do I smell a little bit of a Stockholm syndrome here?

> The amateurs are easy to catch. But there are some genuinely crafty people in this world, and they practice astonishingly good operational security.

You have to accept that some crimes will go unpunished. In a nice democracy even more than in a totalitarian dictatorship. In The Netherlands, the lowest rate of crime was in the days during the German occupation in WW2. Not only was there less to steal to begin with, but the repression on lawbreakers was very severe. I prefer to have some crimes unpunished above living in a totalitarian dictatorship. Even if they are very serious crimes.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Attacks on encrypted communicxatiopn rising in Europe
On 24-08-2016 16:27, Robert J. Hansen wrote:
> Ideally, because they present options that may work better than what we currently have. Privacy absolutism -- the position that there is *no* justification for infringing on individual privacy, even in the case of serious crimes -- doesn't offer anything better than what we currently have. In fact, many people would think it was a lot worse.

I probably misunderstood you. My position is that there is no compromise possible in the ability of people to protect their privacy. If it can be broken by passive technical means - bad implementation, weak password - that's OK with me. If it requires active hacking - keyloggers or so - that's not OK with me. If it requires pressuring people to give up their privacy - fines or jail time when not revealing their password - then I firmly oppose that.

> But if you're okay with technical attacks, you're not a privacy absolutist, either. If your solution is targeted malware, remote exploits, Trojans, and the like, then you're permitting the government to do an awful lot to subvert privacy.

With technical attacks I meant more the like of cracking the crypto, not active hacking of computers or other devices.

All said, I think our opinions are not that different. All I hope is that the current situation in Europe does not get used as an excuse to implement laws like the UK has, where not revealing passwords can get you jail time. Fortunately with perfect forward secrecy in messengers like Signal and Whatsapp even that becomes impossible, you can't even decipher intercepted chats from the past because the keys don't exist anymore.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Attacks on encrypted communicxatiopn rising in Europe
On 24-08-2016 15:17, Robert J. Hansen wrote:
>>> 2. If yes, why should we listen to you?
>>
>> The child porn excuse is used too often...
>
> But this doesn't answer my question.
>
> Why should we listen to a privacy absolutist?

Why would we listen to anyone for that matter?

>> You can try - someone might have used a weak password, wrote it down somewhere or made another mistake. Or can be pressured into telling it (the famous $5 wrench comes to mind here).
>
> Wait, wait, wait.
>
> You're opposed to *any* kind of privacy circumvention... but you're okay with torture?

No I'm not, it was only an example that current western governments are considering (however, they are applying the more moderate "lock him up until he talks"). In hindsight it was a bit ill-formatted to put it between the methods I did agree with. I'm OK with technical attacks, I am firmly against obligations to talk or pressuring people to talk with torture, prison terms or fines.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Attacks on encrypted communicxatiopn rising in Europe
On 24-08-2016 8:41, Werner Koch wrote:
> Whether the current German rules on when and how constitutional rights on privacy can lawfully be suspended are still in compliance with the constitution is a different question.

They can try the French method: declare the state of emergency after some terrorist attack. German prime minister Merkel already faces stern opposition because of her views on immigration so it might suit her well.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Attacks on encrypted communicxatiopn rising in Europe
On 24-08-2016 4:26, Robert J. Hansen wrote:
> 1. Are you a privacy absolutist?

Yes.

> 2. If yes, why should we listen to you?

The child porn excuse is used too often. The terrorism card is also played often (not that it would help much against that as all known examples show). And then comes the drugs excuse (where it might work but that's where a lot of people start to think "so what?"). And then come the tax evaders ("you pay more because he hides his administration"). Eventually you land in the situation you have in the USA, where people are being investigated because they have unwanted political opinions or oppose those in power like Clinton, or the situation in Turkey where people get jailed for supporting a competitor of the current sultan.

Point is, the government can't be trusted. And even if you trust today's one, tomorrow's one might be another thing.

> 3. If no, then how should we permit privacy tools to be circumvented?

You can try - someone might have used a weak password, wrote it down somewhere or made another mistake. Or can be pressured into telling it (the famous $5 wrench comes to mind here). But that's all you got. And the child pornographers will still use decent encryption because in any sane country the penalty for child abuse is higher than the penalty would be for refusing to decrypt. Unless you want to change that, the child abusers (or even those who only download other's pictures) will still use encryption, but everyone else is at risk. Not to mention terrorists who do use encryption: if you're going to die anyway, why would they care?

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Attacks on encrypted communicxatiopn rising in Europe
In http://www.heise.de/newsticker/meldung/Justiz-soll-verschluesselte-Terror-Kommunikation-auswerten-koennen-3302594.html (German), the German and French government are attacking the right to encrypt communication of their serfs. Also because of their violent anti-encryption opinion I was glad to see the British influence in the EU shrink but now we have this.

I don't know what they will come up with, but as GnuPG community we should be prepared because development is in Germany (and we thought to be safe from the US there...). Also, Silence, the encrypted SMS fork from Signal, is developed partly in France.

Both GnuPG and Silence have the advantage that they are open source and don't require central servers. Signal has the advantage it's open source and does not have a commercial presence here that can't be attacked. For WhatsApp things look not as well.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Which GPG version?
On 01-08-2016 17:54, whi...@mixnym.net wrote:
> I see that there are three versions of GnuPG available. Assuming no hardware constraints, is there any reason to choose Classic 1.4 or Stable 2.0 instead of Modern 2.1? It appears to do everything the others can and more.

It does not. If you want to be able to read pgp 2.x encoded archives you'd better go for 1.4. If you insist on using elliptic curve keys you need 2.1. As for 2.0 and 2.1, I think the interface of 2.0 is more stable so if you use scripting, a 2.1 update might break it.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: What am I missing? (Again)
On 31-03-2016 3:41, listo factor wrote:
> On 03/30/2016 12:16 PM, listo factor - listofac...@mail.ru wrote:
> 1) Is it correct that this particular device maker designed a sophisticated hardware-based system with the specific purpose of thwarting the brute-forcing of ridiculously low-entropy user's secret?
> Yes/no?

Both apply here: Yes they did design such a device. No they didn't use that in this particular model (iPhone 5c). It is used in the devices that contain a fingerprint scanner (5s and up).

> 2) Is it possible for the user to circumvent the potential problem of the device maker cooperating with his adversary to by-pass this protection, simply by using a pass-phrase of an appropriate length?
> Yes/no?

Yes.

> Is anybody on this list user/owner of this device? (as I am not).

Sorry, I don't have an iPhone 5c.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: What am I missing?
On 30-03-2016 20:08, Robert J. Hansen wrote:
> My position: "The FBI already had precedent on their side from clubbing other smaller companies, and they decided they finally had enough legal support to go after the big fish: Apple."

I didn't see this from the legal files, but did the FBI use these precedents in court? Further, a legal battle might be expensive but if you're a company over a certain size it's all the same. There is not really an advantage of having 10T$ instead of only 1T$ in your bank account.

> Do I think the FBI had plans for how to capitalize on a court victory? Sure. But this particular idea, that the FBI wanted to get precedent on their side to go after smaller players next, is ... it's crazy talk.

OK, perhaps going after others was not their main goal. However, using this tool to crack other iPhones was surely on their wish list.

> The Middle East in particular is full of small, weird mobile phone manufacturers. Looking over my notes of mobile manufacturers I've worked with and starting at the top, there's Alcatel. Lot of Motorola, lot of Samsung, and at the end there's ZTE.

But how well are they protected? Android disk encryption uses (by default) the key you use to unlock the screen, which is probably easy in most cases.

BTW, "Johann" with 2 n's is the German spelling. In Dutch it's only 1 n at the end.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: What am I missing?
On 30-03-2016 15:46, Robert J. Hansen wrote:
>> The FBI wanted clearly an easy access to ALL devices and a court ruling to force other companies into compliance...
>
> I try not to get involved in conspiracy theories, but this one's just... outrageous.

Why would this be an outrageous conspiracy theory? What could the FBI possibly find in that phone that would be so important? Nothing for a court case because the owner was already dead, and they already have the records of who he called with the device, they can be obtained from the carrier.

> So, let's assume the FBI wanted a court ruling to force other companies into compliance. Which makes more sense? To take on a multibillion-dollar and much-beloved company like Apple and fight their entire legal department to get a court precedent it can then use to force smaller guys into compliance...

The smaller company would probably not have gone to court over it and just complied, so it would not set a legal precedent. Or it would just have closed itself, like Lavabit.

> ... or would they take on a small company that can't put up as much of a legal fight and wouldn't get as much publicity? And then, having won that, go to Apple and say "we have precedent on our side"?

That's probably their next step. They just have to wait for the right moment, i.e. a terrorist, child molester or serial killer case with a locked device.

> Your idea works only if you assume the FBI is pathologically stupid.

I won't rule that out either, but I was not assuming it.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: What am I missing?
On 30-03-2016 14:16, listo factor wrote:
> If this is all essentially correct, someone who knows that the content of his device-at-rest is extremely valuable to an attacker would surely use a pass-phrase of adequate length, and thus make a potential cooperation from the device builder to his adversary inconsequential.
>
> What am I missing in this whole case?

The assumption that access to this particular device was where this lawsuit was about. The FBI wanted clearly an easy access to ALL devices and a court ruling to force other companies into compliance. I assume their next victim will be a party with less deep pockets to fight back.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: How do you think the FBI managed to get the clear text of the infamous phone?
On 30-03-2016 13:28, Robert J. Hansen wrote:
>> AFAIK the Cellebrite hack works by replacing the boot manager and so being able to overwrite system memory, just as custom recoveries do on Android phones.
>
> It's also worth noting that we'll likely discover what the exploit was in the next few weeks.

Yes, if it would allow the community to write a custom recovery for iPhones that would be nice to have.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: How do you think the FBI managed to get the clear text of the infamous phone?
On 30-03-2016 11:31, Paolo Bolzoni wrote:

AFAIK the Cellebrite hack works by replacing the boot manager and so being able to overwrite system memory, just as custom recoveries do on Android phones.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: How do you think the FBI managed to get the clear text of the infamous phone?
On 30-03-2016 11:31, Paolo Bolzoni wrote:
> The TPM contains the AES key protected with the password,

AFAIK on the iPhone 5c at least the password is not in some special TPM. Only the iPhones with a fingerprint scanner (5s and above) have that hardware and should not be vulnerable to that kind of attack.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Documentation format
On 07-02-2016 5:59, Robert J. Hansen wrote:
> LaTeX is unique among document processing systems in that it can effortlessly represent the correct orthography for the rock group Spinal Tap (which uses a Turkish dotless lowercase i and a Jacaltec umlauted n), but that comes with a steep price: namely, its near complete inability to handle Unicode like the rest of the world.

Considering the PITA that Unicode gives in text editors (and not only there, I remember when the company I worked for then switched to a Unicode-enabled version of Delphi and we had to rebuild over 100 reports that didn't work anymore...) I'd say that is a big advantage. Both HTML and TeX can handle special characters and accents well with commands. Starting with one of those, the correct output can always be expressed in ASCII, especially for the GnuPG documentation that does not do anything extremely difficult.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'
On 24-12-2015 17:02, Matthias Apitz wrote:
> I do not fully understand why some 4 random words like
>
> Correct, horse! Battery staple!
>
> is a better passphrase like, for example
>
> Und allein dieser Mangel und nichts anderes führte zum Tod.

I do know that using accented characters might get you into trouble on some keyboards. I remember working somewhere where German keyboards were used but the driver for them was loaded after login. We had to tell the people not to use a z or y in the password to limit the amount of "I can't login" calls to the IT department.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: MIT Tech Review on user error
On 17-12-2015 21:29, Robert J. Hansen wrote:
> http://www.technologyreview.com/news/544516/user-error-compromises-many-encrypted-communication-apps/

Signal assumes TOFU, and warns if the key is changed. That can have a legitimate reason (new installation), or indicate an attempted MITM attack. Which one it is cannot be determined in the application itself.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: First quantum gates in silicon
On 06-10-2015 16:07, Robert J. Hansen wrote:
> Australian researchers have figured out how to make a quantum gate on a
> silicon chip. This is interesting work, because we've spent a *lot* of
> money learning how to etch silicon. Being able to build quantum gates
> on the same material that our current systems use is really important
> from an engineering perspective.
>
> So far they've only been able to build a two-qubit chip. This means
> there's absolutely nothing to panic over. Still, it's fascinating news.
> We live in interesting times. :)
>
> http://www.engineering.unsw.edu.au/news/quantum-computing-first-two-qubit-logic-gate-in-silicon

I just saw this posted in sci.crypt:
http://arstechnica.com/security/2015/10/nsa-advisory-sparks-concern-of-secret-advance-ushering-in-cryptoapocalypse/

Short quote from the article linked to above:

In August, National Security Agency officials advised US agencies and businesses to prepare for a not-too-distant time when the cryptography protecting virtually all sensitive government and business communications is rendered obsolete by quantum computing. The advisory recommended backing away from plans to deploy elliptic curve cryptography, a form of public key cryptography that the NSA spent the previous 20 years promoting as more secure than the older RSA cryptosystem. Almost immediately, the dramatic about-face generated questions and anxiety. Why would the NSA abruptly abandon a series of ECC specifications it had championed for so long? Why were officials issuing the advice now when a working quantum computer was 10 to 50 years away, and why would they back away from ECC before recommending a suite of quantum-resistant alternatives? The fact that the NSA was continuing to endorse use of RSA, which is also vulnerable to quantum computing, led some observers to speculate there was a secret motivation that had nothing to do with quantum computing.

On Tuesday, researchers Neal Koblitz and Alfred J. Menezes published a paper titled A Riddle Wrapped in an Enigma that compiles some of the competing theories behind the August advisory. The researchers stressed that their paper isn't academic and at times relies on unsourced facts and opinions. And sure enough, some of the theories sound almost conspiratorial. Still, the paper does a good job of evaluating the strengths and weaknesses of the NSA's highly unexpected abandonment of ECC in a post-quantum crypto (PQC) world.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Should I be using gpg or gpg2?
On 28-09-2015 22:26, Robert J. Hansen wrote:
> RSA-3072 is not all that much stronger than RSA-2048, and RSA-4096 adds even
> less.

AFAIK RSA-3072 (and ElGamal-3072) are comparable to AES-128. That's strong enough for the foreseeable future; the only known thing they are vulnerable to (except for rubber-hose cryptography, keyloggers and other "cheats") is a working quantum computer. But if we have that, this:

> The future is clear: 512-bit ECC, which is about as resistant to
> brute-forcing as AES256.

won't help either and you need things like lattice cryptography (with even bigger keys unfortunately).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
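A worked version of the size comparison in this exchange, added here as an example; it is not part of the post and not GnuPG code. It evaluates the leading term of the general number field sieve cost, L_n[1/3, (64/9)^(1/3)] = exp((64/9)^(1/3) (ln n)^(1/3) (ln ln n)^(2/3)), for RSA moduli of 2048, 3072 and 4096 bits and converts it to "symmetric bits" (log2 of the work factor). Because the (1+o(1)) factor is dropped, the raw numbers come out a few bits above the NIST SP 800-57 equivalences (RSA-2048 ≈ 112, RSA-3072 ≈ 128 bits); the example uses the RSA-2048 figure as a calibration anchor, and treating the dropped term as a constant offset is this example's own assumption. What it shows is the shape of the claim: each extra kilobit of modulus buys fewer bits than the previous one.

```python
"""GNFS-based estimate of how many 'symmetric bits' an RSA modulus buys.

Added example, not from the mailing-list post. Leading term of the GNFS
L[1/3] cost only; the o(1) term is dropped, so raw figures overestimate the
NIST SP 800-57 table (RSA-2048 ~ 112, RSA-3072 ~ 128 bits).
"""
import math
from typing import List, Tuple

GNFS_C = (64 / 9) ** (1 / 3)   # constant in the exponent of L_n[1/3, c]


def gnfs_bits(modulus_bits: int) -> float:
    """log2 of the GNFS work factor for a modulus of the given bit length."""
    ln_n = modulus_bits * math.log(2)                      # ln(n) for n ~ 2^bits
    ln_cost = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_cost / math.log(2)                           # convert ln -> log2


def calibrated_bits(modulus_bits: int, anchor: Tuple[int, int] = (2048, 112)) -> float:
    """Shift the raw estimate so that the anchor size maps onto its NIST figure.

    Assumption of this example: the dropped o(1) factor behaves like a constant
    offset in the exponent, the usual back-of-the-envelope calibration.
    """
    anchor_size, anchor_level = anchor
    return gnfs_bits(modulus_bits) - gnfs_bits(anchor_size) + anchor_level


def increments(sizes: List[int]) -> List[float]:
    """Bits of security gained by each step up in modulus size."""
    levels = [gnfs_bits(s) for s in sizes]
    return [later - earlier for earlier, later in zip(levels, levels[1:])]


if __name__ == "__main__":
    sizes = [1024, 2048, 3072, 4096, 7680, 15360]
    for s in sizes:
        print(f"RSA-{s:5d}: raw {gnfs_bits(s):6.1f} bits, calibrated {calibrated_bits(s):6.1f} bits")
    print("gain per step:", [round(d, 1) for d in increments(sizes)])
```

Running it prints roughly 117, 139 and 156 raw bits for 2048, 3072 and 4096, i.e. about 22 bits for the first step up and about 18 for the second, which is the "adds even less" of the quoted message; after calibration RSA-3072 lands in the AES-128 neighbourhood the reply refers to. None of this changes the post's second point: Shor's algorithm removes the whole curve, it does not shift it.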
Re: GnuPG modern can't genereate keys on my Windows
On 06-09-2015 12:02, Peter Lebbing wrote:
> Is there any reason to provide 64-bits binaries, BTW? It's an unbiased
> question, I simply don't know. Does it provide any benefits?

Perhaps they accept larger files or can use more memory? I do remember once compiling the pgp 2.6.3ia sources with Visual Studio 5 long ago to make 32 bit binaries that could handle long filenames the original 16 bit DOS executable could not deal with.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: FAQ: drop mention of 1.4?
On 04-09-2015 0:46, Robert J. Hansen wrote:
> Here's the question I really want people to answer: "At what point do we
> tell people, 'no, that data format has been obsolete for twenty years,
> we're not going to support it any more, it's not even close to
> conforming to the RFCs we implement'?"

Never, IMO. This attitude leads to data being lost forever because new software can't read it anymore, while the cost of adding read-only support is small.

> If you say "for as long as people have that traffic," then you've just
> given GnuPG an open-ended commitment to supporting PGP 2.6 *forever*.

Read-only, yes.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: FAQ: drop mention of 1.4?
On 28-08-2015 23:27, Werner Koch wrote:
> You want better software? Then make it less complex and separate tasks
> - 2.x does just that - since 2003.

Less complex by introducing communication issues between all the separate parts? We clearly have a different idea of complexity. Separation of tasks does not automatically mean separate binaries. That used to be the Unix philosophy (there is systemd, but that's another discussion) but on other systems that might not work as smoothly. Just see how many issues there are with pinentry on this list.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: FAQ: drop mention of 1.4?
On 28-08-2015 18:52, Robert J. Hansen wrote:
> You don't get clearer than that. PGP 2.6 is a dead letter. Obsolete.

Yes, I agree.

> And with PGP 2.6 being obsolete, so are V3 keys.

No they are not. Reading encrypted archives might be useful, re-encrypting received mails is impractical and re-signing them probably impossible. The sane thing to do is then to make v3 support read-only.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: FAQ: drop mention of 1.4?
On 28-08-2015 18:12, Peter Lebbing wrote:
> 1.4 is fully supported, but occupies a niche. Support is not dropped, nobody
> forces you to upgrade.

It's starting to feel a little bit that way, with ECC not coming to 1.4 (a missing function required to exchange messages with 2.1 users) and v3 key support removed from 2.1 (people unable to communicate with PGP 2.x users), but I'll see how that works out. It forces you to choose or run a double installation.

> Can we please stay on subject. Your message feels like a general rant that has
> nothing to do with the FAQ whatsoever.

OK, I might have been carried away a little. If someone feels offended I apologise.

> There's some tension between two of your desires, by the way. What if your
> correspondents in a few years have ECC keys? When 1.4 doesn't get ECC support,
> you could complain that they apparently have dropped support for 1.4.

When that happens I think it's time for patches on 1.4 to put ECC in.

> But if it
> does get ECC support, you can complain that 1.4 is feature-complete and should

Those are changes to remain able to communicate encrypted with others, the mail function of gpg. I'm not asking for features like card support to be backported to 1.4.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: FAQ: drop mention of 1.4?
On 27-08-2015 23:37, Robert J. Hansen wrote:
> The 2.x branch is the future of GnuPG development, has been for some
> years now, and is what the GnuPG developers recommend for new users.

I see this attitude a lot among software developers and it irritates me: drop support for "obsolete" features and still try to force everyone to upgrade, combined with the inability to accept that at some point software can be feature-complete and only bugfixes are needed. It's the same attitude MS has when pushing Windows 10 to Windows 7 users. The last time I saw this with crypto software was when TextSecure dropped support for encrypted SMS. Being open source, it was quickly forked, but now people have to use 2 different applications. A pity.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: FAQ: drop mention of 1.4?
On 27-08-2015 20:41, Robert J. Hansen wrote:
> My rationale for this is simple: we don't want to encourage new users to
> use 1.4. We want to encourage new users to use 2.0 and/or 2.1.

Why? I still use 1.4. It is easily usable through the command line if needed, while 2.x has a very complicated setup with lots of external dependencies and has a feature bloat most users will never need. I would certainly include a discussion of the incompatibilities that exist between 1.4 and 2.1: the dropped V3 key support and ECC keys in 2.1.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Problems with key available in v1.4.19 but not v2.1.5
On 17-07-2015 21:48, Philip Neukom wrote:
> I'm having some problems with my key that was created a long time ago
> (1994) but updated with new emails over the years.

Then it's a v2 key, and unfortunately GnuPG dropped support for v2 keys. But fortunately you can install a copy of GnuPG 1.4.x alongside 2.1 to use that key.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Enabling and using ECC keys (any reason not to?)
On 27-03-2015 14:21, Martin Behrendt wrote:
> So especially when introducing new algorithms which might be tampered
> with, using e.g. an old style RSA Key as one layer and ECC as a second
> should help against this. Or am I missing something here?

Why would you want to use a suspect algorithm if RSA alone is secure enough?

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Enabling and using ECC keys (any reason not to?)
On 26-03-2015 9:59, Mike Ingle wrote:
> Is this just a backward
> compatibility thing, or is the security of ECC keys not fully trusted yet?

The buzz about Dual_EC_DRBG made it clear that it is possible to design curves where the designers have access to data that allows them to compromise the system. Whether the curves used in a given implementation are suspected to possibly have such a weakness is a matter of debate. I didn't check the status of this for the curves used in GnuPG 2.1.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Making the case for smart cards for the average user
On 15-03-2015 23:24, Jose Castillo wrote:
> but my sense is that more people are vulnerable to passphrase-sniffing
> malware than they are to someone sneaking very close to them with
> an evil device.

However, perhaps even more people are vulnerable to confiscation by authorities. If they find a PGP card, some may even force you to give them access (the UK; the minister in The Netherlands who pushed for such a law has fortunately been forced to resign for something else). Hiding the key or, in case that is not possible, having access to a copy yourself afterwards may be more useful. I don't know how those PGP cards look, but perhaps it would be wise to print something on them suggesting they are yet another loyalty card.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: German ct magazine postulates death of pgp encryption
On 02-03-2015 22:23, ved...@nym.hush.com wrote:
> http://www.wired.com/2015/03/iphone-app-encrypted-voice-texts/
>
> I wouldn't trust it with my real key, but would make a new
> 'smartphone' key signed with my real key, and comment it as
> for phone use only.

You can't, it uses its own key scheme not compatible with OpenPGP. The protocol is described on https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2; they use ECC with Curve25519 and AES256. Signatures on a key are not possible. Only manual verification of the key fingerprint or, when you meet in person, scanning this number represented as a QR code on screen with the camera, is possible.

> If this catches on, as Wired thinks

I have used TextSecure for quite some time as an SMS replacement but failed to convince anyone else to use it too (whether as an SMS replacement or a stand-alone chat app).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: trust paths
On 01-03-2015 13:27, Jonathan Schleifer wrote:
> You are assuming it will be spoofed for everyone. It could just
> be spoofed for you. Anybody who can MITM you and give you a fake
> SSL cert that you accept

Well, perhaps they could if the ONLY way I communicated with someone were electronically. I usually discuss sensitive matters with people I know personally, so I could compare key IDs when I meet the other in person. No way to spoof that. That might not work when whistleblowing to a reporter I don't know personally, but then I would either first talk to him personally or remain completely anonymous.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
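The mechanism behind three of the posts on this page, as an added example that is not code from Signal/TextSecure, GnuPG or any of the posters: the Signal reply about TOFU ("warns if the key is changed ... which one it is cannot be determined in the application"), the TextSecure reply ("only manual verification of the key fingerprint ... is possible") and the in-person key-ID comparison just above. The store below pins the first key seen for an identity, reports any later key only as "changed", and leaves it to an out-of-band comparison (fingerprint read out or scanned when you meet) to tell a reinstall from a MITM. The identity names, key bytes and the fingerprint function (SHA-256 of the key bytes, not the OpenPGP or TextSecure format) are constructed stand-ins for this example.

```python
"""Trust-on-first-use key pinning plus an out-of-band fingerprint check.

Added example, not code from Signal/TextSecure or GnuPG. fingerprint() is a
stand-in (SHA-256 of the public key bytes), not a real protocol's format.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List


def fingerprint(pubkey: bytes) -> str:
    """Stand-in fingerprint: SHA-256 of the key, rendered as groups of 4 hex digits."""
    digest = hashlib.sha256(pubkey).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


@dataclass
class Pin:
    fingerprint: str
    verified: bool = False                             # confirmed in person / via QR scan
    history: List[str] = field(default_factory=list)   # fingerprints this one replaced


class TofuStore:
    """Pins the first key seen per identity; a later key is flagged, never auto-accepted."""

    def __init__(self) -> None:
        self.pins: Dict[str, Pin] = {}

    def observe(self, identity: str, pubkey: bytes) -> str:
        """Return 'first-use', 'match' or 'changed'. 'changed' is all the app can say:
        a reinstall and a MITM produce exactly the same event at this layer."""
        fp = fingerprint(pubkey)
        pin = self.pins.get(identity)
        if pin is None:
            self.pins[identity] = Pin(fp)
            return "first-use"
        if hmac.compare_digest(pin.fingerprint, fp):
            return "match"
        return "changed"

    def accept_new_key(self, identity: str, pubkey: bytes) -> None:
        """Explicit user decision after 'changed': keep the old pin in history and
        clear the verified flag, because nobody has checked the new key yet."""
        pin = self.pins[identity]
        pin.history.append(pin.fingerprint)
        pin.fingerprint = fingerprint(pubkey)
        pin.verified = False

    def verify_out_of_band(self, identity: str, read_from_peer: str) -> bool:
        """Compare the pinned fingerprint with one the peer read out or showed as a QR code."""
        pin = self.pins[identity]
        ok = hmac.compare_digest(pin.fingerprint, read_from_peer.strip().upper())
        if ok:
            pin.verified = True
        return ok


def scenario_verdicts() -> Dict[str, str]:
    """Constructed scenarios: a genuine reinstall and a MITM both yield 'changed'."""
    alice_v1 = b"alice-key-v1"     # constructed stand-in for Alice's first public key
    alice_v2 = b"alice-key-v2"     # her key after a reinstall
    mallory = b"mallory-key"       # an attacker's key substituted in transit

    reinstall, mitm = TofuStore(), TofuStore()
    reinstall.observe("alice", alice_v1)
    mitm.observe("alice", alice_v1)
    return {"reinstall": reinstall.observe("alice", alice_v2),
            "mitm": mitm.observe("alice", mallory)}


def verification_outcome() -> Dict[str, bool]:
    """Only the out-of-band comparison separates the two cases."""
    honest, attacked = TofuStore(), TofuStore()
    honest.observe("alice", b"alice-key-v1")
    attacked.observe("alice", b"mallory-key")       # first contact was already MITM'd
    spoken = fingerprint(b"alice-key-v1")            # what Alice reads out when they meet
    return {
        "honest_pin_checks_out": honest.verify_out_of_band("alice", spoken),
        "honest_now_verified": honest.pins["alice"].verified,
        "attacked_pin_fails": not attacked.verify_out_of_band("alice", spoken),
        "attacked_still_unverified": not attacked.pins["alice"].verified,
    }


if __name__ == "__main__":
    print(scenario_verdicts())
    print(verification_outcome())
```

The two dictionaries printed are the whole argument: `scenario_verdicts()` gives "changed" for both the reinstall and the attack, and only `verify_out_of_band()` with a fingerprint obtained outside the channel returns different answers for them. GnuPG offers the same first layer as `--trust-model tofu`; the second layer is the in-person comparison the posts describe.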
Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]
On 01-03-2015 22:01, flapflap wrote:
> Just think about the "grandchild trick" ([0], unfortunately not in
> English) which is a method where the criminals phone (often elder)
> people and tell them that they are a grandchild, nephew, or other remote
> relative and need some money for some reason

Ah yes, but then, with such methods a number of failures are to be expected and the scammers don't care as long as a certain percentage is fooled. When using this trick to fool someone into telling confidential things it is very uncertain. For one, I've never heard of the police trying something like this to obtain confessions or information: the chances of failure in an individual case are too big.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: trust paths
On 28-02-2015 18:56, Christoph Anton Mitterer wrote:
> I'm not sure but I fear you have some deep misunderstanding of
> cryptography...

I'm not talking about mathematically proving something. After all, a government agency could make a false key with Werner Koch's name on it and send someone who looks like him with real ID documents to a keysigning party. Government-issued IDs are no mathematical proof either.

> "Well-known", "often seen enough" or "not having heard any noise about
> it" are absolutely no ways to prove the validity of a key's named
> identity.

No proof, no - but mathematical proof does not exist in this matter.

> If there was only one "Werner Koch" on the keyservers, and that key was
> signed by thousands of other famous names (Linus Torvalds, and that
> like) you still couldn't be sure of anything.

Of course not, anyone can upload a key with any name to the keyservers. But I doubt anyone can publish a fake key on www.gnupg.org without anyone noticing for long.

> An attacker that MitMs you could just set up a fake web-of-trust in very
> little time and when you ask your favourite keyserver, block any of the
> "real answers" and instead deliver you his faked key space with all the
> mutual signatures and so on.

I am not talking about keyservers at all, except maybe for obtaining a key with a given key ID. Nothing more, and no WoT issues. While I understand the concept I consider the WoT way too complicated and I use it only as additional evidence that a key belongs to someone.

> And you'd think "Only one Werner Koch, with an @gnupg.org email, even
> signed by all these other people - that can't be coincidence, some of
> them must have checked his ID, and if it was an impostor, I'd surely have
> read on heise.de about it" - while in fact no one else than you ever saw
> these faked keys.

If the key was only on the keyservers, sure, then even I could do that myself easily. But I'm talking about keys in places where it is unlikely anyone has write access to, like the gnupg website or as a signature in mailing list messages. Sure, it could be spoofed - but only for a short time before it gets noticed. It would not be the first time I read about a spoofed gpg key on a Linux distro server when the server was hacked. The attack works - but not for long.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: German ct magazine postulates death of pgp encryption
On 28-02-2015 18:21, Christoph Anton Mitterer wrote:
> Not sure what you refer to,... but if it's authentication schemes like
> ZRTP (which TextSecure wouldn't use)...

No it's not, it is much simpler. When I call my wife and am in fact connected with a computer or agent impersonating her, they are unlikely to be able to copy her voice so well that I don't hear it. And even if they are, I think it's very improbable they would be able to fool me, due to them missing context. Try it out: have 2 people who know each other well speak via a computer-synthesised voice so voice recognition would not work. Then have a third person who doesn't have intimate knowledge about both others try to fool one of the other two that he is the other person. Unlikely to work. And even if it were possible, it would require so much manpower as to make it unusable for mass surveillance. It would probably only be used against very high-priority targets of the calibre of Bin Laden.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: strength of voice authentication [was: Re: German ct magazine postulates death of pgp encryption]
On 28-02-2015 15:09, Daniel Kahn Gillmor wrote:
> We had this discussion recently over on messag...@moderncrypto.org.

What is described there is a much more confined problem.

> It's far from "trivial", but breaking voice-based authentication
> (particularly in the already-noisy realm of mobile phone calls) with
> high probability doesn't seem to be beyond serious researchers.

Fooling a computer that a certain voice belongs to someone else, sure, I'm sure that is or will be possible. Fooling me that a short, fixed string is spoken by someone I know when in fact it is not, sure, that too. But fooling me that the person on the other end of the line is someone I know well by only technically impersonating his voice while having an actual conversation... I don't believe it very likely to happen in the near future. Perhaps it could work on someone I barely know, but pick the wrong person only once and I might become very suspicious. It requires not only changing the voice but also solving a problem much harder than the classic Turing test. For one, it requires much contextual knowledge about what both persons know of each other.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: German ct magazine postulates death of pgp encryption
On 28-02-2015 13:40, Peter Lebbing wrote:
> On 28/02/15 13:28, Johan Wevers wrote:
>> I don't see even the NSA breaking that.
>
> Heh, famous last words ;).

OK, not cryptographically. They could always try to bribe/threaten/torture someone to cooperate. But that model fails if you want to perform unnoticed mass surveillance.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: trust paths
On 27-02-2015 22:30, Christoph Anton Mitterer wrote:
> I meant in the sense that I want to trust e.g. Werner's key but haven't
> met him in person yet,... but I might have an indirect trustpath to him
> via some other persons (which I do trust).
> Obviously I'll need any intermediate keys (and enough of them that I
> personally decide it's trustworthy).

OR, in case a key belongs to a well-known person, you've seen it mentioned in enough places and seen it used to sign gpg packages to be rather certain that if it were a forgery someone would have noticed by now and made noise about it. After all, if I want to securely communicate with the author of GnuPG I want to know if this key belongs to someone calling himself "Werner Koch". Whether the government knows this person by the same name (which is what an ID check establishes) is less of a concern for me; maybe "Werner Koch" is only an artist name.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: German ct magazine postulates death of pgp encryption
On 27-02-2015 19:16, Christoph Anton Mitterer wrote:
> This is basically what they want: Anonymous cryptography, whose complete
> security is based on some good luck whether you've communicated with the
> right peer the first time.

In practice the TextSecure protocol works well of course because it uses the phone number. One usually knows that number already from a contact. Most people I communicate with often I even recognise by voice alone - taking over the phone number is not going to work. I don't see even the NSA breaking that.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: German ct magazine postulates death of pgp encryption
On 27-02-2015 16:57, Mark H. Wood wrote:
> It's always good to look for patterns that lead to useful
> simplification. But there comes a point at which no further
> simplification can be done without making the system less useful.

Well, in making it more beginner friendly, I imagine a system that does not bother the user with complexities about when to sign someone's key to which degree, but after install:

1. The beginner-friendly installer notices there is no secret key yet -> create one automatically and upload it to the keyservers. To make the experience as easy as possible, perhaps even offer to use no password on the key so it does not need to ask for a password when opening mail (with a warning that this could give problems if loss or confiscation of the computer is part of the threat model).

2. It notices 2 email programs -> offer to integrate a plugin in both and set the defaults to sign and encrypt when the receiver has a public key on the servers. I agree that for webmail solutions this might be difficult, but plugins for browser automation do exist (usually aimed at unit testing of websites).

This approach might lead to issues, like targeted attacks with false keys and stolen computers, but it would get the number of encrypted emails up. At least the mails would be safer in transit and at the mail provider.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
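Steps 1 and 2 of the proposal above driven through the real gpg binary, as an added example; it is not part of the post and not GnuPG project code. It works in a throwaway GNUPGHOME so the user's real keyring is untouched, checks for an existing secret key, generates one unattended with an empty passphrase (`--batch --pinentry-mode loopback --passphrase '' --quick-generate-key`, GnuPG 2.1 or later), and then decides per recipient between sign-only and sign+encrypt by looking for a public key with gpg's exact-email selector `<addr>`. The function names, the `demo@example.invalid` address and the "never expire" choice are this example's own; the keyserver upload of step 1 is deliberately left out (it would be `gpg --send-keys <fingerprint>`). The empty passphrase is exactly the trade-off the post's warning is about: whoever gets the disk gets the key.

```python
"""Unattended GnuPG bootstrap for a beginner-friendly installer (added example).

Not GnuPG project code. Shells out to the real gpg in a temporary GNUPGHOME.
Flags used (--batch, --no-tty, --with-colons, --list-secret-keys, --list-keys,
--pinentry-mode loopback, --passphrase, --quick-generate-key) are GnuPG 2.1+ options.
"""
import os
import shutil
import subprocess
import tempfile
from typing import Optional, Tuple

GPG: Optional[str] = shutil.which("gpg") or shutil.which("gpg2")


def gpg_available() -> bool:
    return GPG is not None


def _gpg(home: str, *args: str) -> "subprocess.CompletedProcess[str]":
    """Run gpg non-interactively against the given GNUPGHOME."""
    if GPG is None:
        raise RuntimeError("gpg not found on PATH")
    env = dict(os.environ, GNUPGHOME=home)
    return subprocess.run([GPG, "--batch", "--no-tty", *args],
                          env=env, capture_output=True, text=True)


def has_secret_key(home: str) -> bool:
    """Step 1, the check: does this GNUPGHOME already hold a secret key?"""
    out = _gpg(home, "--with-colons", "--list-secret-keys").stdout
    return any(line.startswith("sec:") for line in out.splitlines())


def bootstrap_key(home: str, uid: str) -> str:
    """Step 1, the action: unattended key with an empty passphrase (the 'no password'
    option from the post); returns the new key's fingerprint."""
    r = _gpg(home, "--pinentry-mode", "loopback", "--passphrase", "",
             "--quick-generate-key", uid, "default", "default", "never")
    if r.returncode != 0:
        raise RuntimeError(r.stderr)
    for line in _gpg(home, "--with-colons", "--list-secret-keys", uid).stdout.splitlines():
        if line.startswith("fpr:"):
            return line.split(":")[9]      # fingerprint is the 10th colon-separated field
    raise RuntimeError("no fingerprint in listing")


def choose_mode(home: str, recipient_email: str) -> str:
    """Step 2: sign+encrypt if a public key for this address is in the keyring, else sign only."""
    out = _gpg(home, "--with-colons", "--list-keys", f"<{recipient_email}>").stdout
    has_pub = any(line.startswith("pub:") for line in out.splitlines())
    return "sign+encrypt" if has_pub else "sign"


def demo_checks() -> Tuple[bool, bool, bool, str, str]:
    """Run the whole flow in a temporary GNUPGHOME and report what an installer would see:
    (had key before, has key after, fingerprint looks sane, mode for self, mode for stranger)."""
    home = tempfile.mkdtemp(prefix="gnupg-bootstrap-")
    os.chmod(home, 0o700)                                # gpg warns on looser permissions
    try:
        before = has_secret_key(home)
        fpr = bootstrap_key(home, "Demo User <demo@example.invalid>")   # constructed UID
        after = has_secret_key(home)
        return (before, after, len(fpr) in (40, 64),     # v4 keys: 40 hex digits
                choose_mode(home, "demo@example.invalid"),     # own public key is present
                choose_mode(home, "nobody@example.invalid"))   # unknown recipient
    finally:
        gpgconf = shutil.which("gpgconf")
        if gpgconf:                                      # stop the agent started for this home
            subprocess.run([gpgconf, "--kill", "gpg-agent"],
                           env=dict(os.environ, GNUPGHOME=home), capture_output=True)
        shutil.rmtree(home, ignore_errors=True)


if __name__ == "__main__":
    print(demo_checks() if gpg_available() else "gpg not installed")
```

With gpg on the PATH, `demo_checks()` returns `(False, True, True, 'sign+encrypt', 'sign')`: no key before, one afterwards, encryption chosen for the one address whose key is known and signing only for the unknown one. A real installer would add the `--send-keys` upload and the mail-client plugin wiring on top of this.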
Re: German ct magazine postulates death of pgp encryption
On 27-02-2015 12:15, Peter Lebbing wrote:
> So.. back to c't. Since they were writing an article,

Isn't this just an article that started with the article by Moxie Marlinspike about GnuPG that was also on Slashdot yesterday? (It's at http://www.thoughtcrime.org/blog/gpg-and-me/).

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html