> Often there is also value in breaking crypto so that the targeted
> crypto users don't know it has been broken and thus continue to use
> it (the algorithm and/or the specific key). If a big government
> organization (take your pick) had broken algorithm/keysize xyz, would
> they tell anybody?
H
On 27.10.2013 2:09, Robert J. Hansen wrote:
> The name of the game is economics. How much is the secret worth? If
> it's worth $50,000 of computer equipment and cryptanalysis, then it's
> also worth a $50,000 bribe, a $50,000 payment to a professional thief to
> break in and plant keyloggers, $50
On 10/26/2013 07:36 AM, Robert J. Hansen wrote:
> On 10/26/2013 12:16 AM, Paul R. Ramer wrote:
>> I am not saying that any one should use 2048 bit RSA because the DoD
>> uses it. It is just a data point. That being said, I am doubtful that
>> classified discussions are being done over email.
>
>
On 10/26/2013 5:44 PM, Christoph Anton Mitterer wrote:
> Well with that "argument" you can always defeat any crypto... a "real
> attacker" will not care whether you use 786 bit RSA keys or 16k bit
> keys... he comes for you and tortures you until you happily give him
> anything he wants...
The nam
On Sat, 2013-10-26 at 14:13 +0200, Werner Koch wrote:
> Now, if
> you want to protect something you need to think like the attacker - what
> will an attacker do to get the plaintext (or fake a signature)? Spend
> millions on breaking a few 2k keys (assuming this is at all possible
> within the ne
On 10/26/2013 3:40 PM, Sylvain wrote:
> Thanks for your answer. To foster spending less time on these
> discussions, how about this? :)
Hi! I'm the quasi-official FAQ maintainer. You can read the current
text of the FAQ at:
https://github.com/rjhansen/gpgfaq/blob/master/gpgfaq.xml
Exc
Hi Werner,
On Sat, Oct 26, 2013 at 02:13:15PM +0200, Werner Koch wrote:
> Instead of discussing these numbers the time could be much better use to
> audit the used software (firmware, OS, libs, apps).
Thanks for your answer. To foster spending less time on these
discussions, how about this? :)
>> "Werner" == Werner Koch writes:
> On Sat, 26 Oct 2013 12:02, o...@mat.ucm.es said:
>> Can gpgsm deal with this situation?
> Sure. That is a very common situation.
> Although I am myself not using gpgsm for mail encryption, I use it to
> maintain all kind of X.509 certificates
On Sat, 26 Oct 2013 12:02, o...@mat.ucm.es said:
> Can gpgsm deal with this situation?
Sure. That is a very common situation.
Although I am myself not using gpgsm for mail encryption, I use it to
maintain all kind of X.509 certificates. FWIW, gpgsm passed several
conformance tests with quite g
Am Fr 25.10.2013, 23:45:50 schrieb Johan Wevers:
> Further, if they expect it to be secure for only 25 years,
This means that every single key is secure over that time. It means that after
25 years organizations with huge resources may be able to crack a *single* key
in a lot of time (rather a
On 10/26/2013 12:16 AM, Paul R. Ramer wrote:
> I am not saying that any one should use 2048 bit RSA because the DoD
> uses it. It is just a data point. That being said, I am doubtful that
> classified discussions are being done over email.
CAC is used for encrypted email, at least according to W
On 10/25/2013 5:45 PM, Johan Wevers wrote:
> The authority of NIST is of course severely reduced since the
> Snowden revelations and their own suspicious behaviour with the Dual
> EC PRNG.
*To you* they're severely reduced. Please don't presume to make ex
cathedra statements for the rest of the w
On Sat, 26 Oct 2013 11:35, b...@beuc.net said:
> Plus, following this principle, why doesn't gnupg default to 4096 if
> there isn't any reason not to? I would suppose that if gnupg defaults
4k primary RSA keys increase the size of the signatures and thus make
the keyrings longer and, worse, comp
Hello
I use gpgsm, via gnus+Xemacs and I have installed a free certificate
from Comodo. This certificate expires in a couple of weeks and I have to
apply for a new one. However I need the old one to read old messages.
Can gpgsm deal with this situation?
thanks
Uwe Brauer
smime.p7s
Descriptio
Hi and thanks for your answers,
Would it be a good idea to update the FAQ in this regard?
http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size
-> "1024 bit for DSA signatures; even for plain Elgamal signatures."
Also,
On Fri, Oct 25, 2013 at 02:19:08AM +0200, Christoph Anton M
15 matches
Mail list logo
