Re: kernel.org status: establishing a PGP web of trust
On 2011-10-02 00:58, Aaron Toponce wrote: On 10/01/2011 02:46 PM, Robert J. Hansen wrote: That's not a healthy dose of paranoia. A healthy dose of paranoia in that case would be washing your hands before you eat, or not eating something off the floor. Starving yourself, because you think people are tying to poison you is not healthy. When his wife was hospitalized, Gödel literally starved himself to death, unwilling to eat anything not prepared by her. (http://www.webcitation.org/629GhJ129) What I don't get is, why didn't he just make his own food? -- Q: What is your secret word? A: That's right. Q: What's right? A: Yes. Q: Sir, you're going to have to tell me your secret word. A: What? Q: I said please tell me your secret word. A: What? Q: What's your secret word? A: Yes. Q: Sorry, yes is not your secret word. You have two more chances. A: I said what? Q: Yes. A: Right, so you admit I said it. Q: No, you said yes. A: No, what! Q: When? A: When you asked for my secret word! Q: What? A: Yes! Q: I'm sorry, that's incorrect. You have one more chance to say your secret word. A: I'd like to speak to your supervisor. Q: Very well, I'll transfer you. His name is Hu. (http://boingboing.net/2010/05/03/fun-with-a-banks-sec.html) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: kernel.org status: establishing a PGP web of trust
On 10/2/2011 10:53 PM, Jerome Baum wrote: What I don't get is, why didn't he just make his own food? He did, until he ran out of food. Then he was literally too paranoid to leave the house to buy groceries. Clinical paranoia is a brutal mental illness. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: kernel.org status: establishing a PGP web of trust
On Sat, Oct 01, 2011 at 07:01:14AM -0600, Aaron Toponce wrote: Having a sufficient amount of paranoia, would keep you from using DSA, I would think. I have an RSA key with RSA subkeys, but now that larger DSA keys are generally available, I'd be okay with revolving DSA signing subkeys. As you've pointed out, DSA has the disadvantage that k must always be different, but it also has advantages, one of them being that p, q, and g can be shared among a group of people such that p and q can be *proven* to be prime and generated in a reproducible way. Another one is that DSA signatures are smaller: there are two MPIs stored for each signature, but those MPIs are at most 256 bits long each, while for an RSA signature that was only 512 bits long, the security would be woefully inadequate. Point being, both DSA and RSA have their good and bad points, and if you're fairly confident that you have a good PRNG, such as /dev/urandom, then there's not really much concern about k. After all, you also need a good PRNG for CFB IVs as well, although the consequences aren't as disastrous. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: kernel.org status: establishing a PGP web of trust
On 01/10/11 18:51, brian m. carlson wrote: Point being, both DSA and RSA have their good and bad points, and if you're fairly confident that you have a good PRNG, such as /dev/urandom, then there's not really much concern about k. After all, you also need a good PRNG for CFB IVs as well, although the consequences aren't as disastrous. But you need a good PRNG for generating the session key, which is a lot more important than the CFB IV. But when it comes to signing stuff, not encryption, I suppose you can indeed use RSA without a good PRNG. The Debian OpenSSL debacle, however, rendered every DSA key *used* on such a system useless, whereas RSA was only compromised when the key was *generated* on such a box. Personally, I see it as an advantage of RSA that using it with a poor PRNG doesn't disclose your private key, but it wouldn't stop me from using ECDSA when it is mainstream. Your PRNG simply shouldn't be bad when you do crypto. Obviously software bugs can always happen, and in the specific Debian OpenSSL instance it was worse for DSA, but the next big bug might by chance hurt RSA and leave DSA in the clear. And we have DSA to thank for the fun of Sony's silly mistake! :) Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: kernel.org status: establishing a PGP web of trust
On 10/1/2011 9:01 AM, Aaron Toponce wrote: https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Signature_Algorithm#Sensitivity This is an argument against having a *bad* DSA implementation, in the exact same way you shouldn't use a bad RSA implementation, either. RSA has just as many warnings -- take a look at how many times PKCS has been updated to reflect new understandings of RSA's risks. Having a sufficient amount of paranoia, would keep you from using DSA, I would think. That's the same level of paranoia that led to Kurt Goedel starving to death because he was afraid of how everyone around him was trying to poison him. I don't think we should recommend that level of paranoia. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
kernel.org status: establishing a PGP web of trust
http://lwn.net/Articles/461236/ Marcio Barbado, Jr. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: kernel.org status: establishing a PGP web of trust
On 9/30/2011 8:57 PM, Marcio B. Jr. wrote: http://lwn.net/Articles/461236/ Before people panic, there are no known weaknesses in DSA. The SHA-1 hash algorithm has some severe problems, but there's nothing in DSA that requires the use of SHA-1: you can replace it with any 160-bit hash. Let's not panic, and let's not migrate away from DSA without good reason. :) Migrate away from SHA-1, sure, but DSA is fine. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
