Upon decryption of the attached message, the program requests a new
passphrase. Then after any arbitrary string is entered (or nothing),
decryption of the message fails. It does not matter if any private keys
are held in gnupg (including the key of the intended recipient).
Here is the message in
Le 19/11/2013 08:28, fuzzykitt...@riseup.net a écrit :
Upon decryption of the attached message, the program requests a new
passphrase. Then after any arbitrary string is entered (or nothing),
decryption of the message fails. It does not matter if any private keys
are held in gnupg (including the
I don't think that's possible at the moment. There are no
deterministically built operating systems yet.
This is rather sad. I think FreeBSD has
a project somewhere trying to move that way.
Hopefully all of the unix-likes are at least aware of
the concept, if not having an actual project for
On 19/11/13 10:15, Laurent Jumet wrote:
In my opinion, this is a symetric crypted message. You need the exact
password (called passphrase as well) to decrypt it, but it's not a double key
cipher.
You're only partly correct. Letting 'gpg2 --list-packets --list-only' inspect
the message, I
Pete Stephenson:
1. If you set the keyprefs in your gpg.conf configuration file before
you generate a new key it will generate new keys with these stronger
defaults rather than having you need to edit them later. See
http://www.debian-administration.org/users/dkg/weblog/48 for details
and
Hauke Laging:
Am Mo 18.11.2013, 17:21:22 schrieb adrelanos:
Hi,
An article about air gapped OpenPGP keys has been written by me:
https://www.whonix.org/wiki/Air_Gapped_OpenPGP_Key
Please leave feedback or hit the edit button.
By default GPG creates
Robert J. Hansen: Please leave feedback or hit the edit button. Maybe
it's useful for
someone. It's under public domain.
A major omission:
What is this, why should I care, and what security risks does it
mitigate?
Without that, the article is useful only to people who have already been
On Tuesday, November 19, 2013 at 3:51 AM, fuzzykitt...@riseup.net wrote:
Upon decryption of the attached message, the program requests a new
passphrase. Then after any arbitrary string is entered (or
nothing),
decryption of the message fails. It does not matter if any private
keys
are held in
vedaal at nym.hush.com vedaal at nym.hush.com
wrote onTue Nov 19 18:14:31 CET 2013 :
gpg: public key decryption failed: bad passphrase
gpg: encrypted with unknown algorithm 163
gpg: decryption failed: unknown cipher algorithm
(the passphrase used was: 12345)
Now here is the last part of the
On 19/11/13 18:14, ved...@nym.hush.com wrote:
Why does gnupg give these types of error message, as opposed to simply
stating 'decryption failed: bad passphrase' ??
What kind of relationship is there between the number listed for the
'unknown algorithm' and the passphrase string that was
On 19/11/13 20:47, ved...@nym.hush.com wrote:
This is still unusual, as gnupg already identified it as TWOFISH, not as an
unknown algorithm,
TWOFISH was used to encrypt the session key. What was used to encrypt the
data is still unknown, since that knowledge is encrypted. (With TWOFISH. Are
On 19-11-2013 7:07, Robert J. Hansen wrote:
Even then, scrubbing data is usually a sign you've misunderstood the
problem you're trying to solve. If you're concerned about sensitive
data lurking on your hard drive the solution isn't to scrub the drive,
it's to use an encrypted filesystem.
On 19/11/13 22:37, ved...@nym.hush.com wrote:
But this isn't the way hybrid gnupg messages work.
Gnupg does not use one symmetric algorithm to encrypt the session key, and
then another to encrypt the message. The user can choose 'which' symmetric
algorithm to use, but it will be the same for
If the message is encrypted to one public key, and also encrypted
symmetrically instead of to a second public key, then the symmetric algorithm
used by gnupg is the same for the encryption of the session key to the public
key, as well as the session key to the symmetrically encrypted part, as
On Tuesday, November 19, 2013 at 3:02 PM, Peter Lebbing
pe...@digitalbrains.com wrote:
On 19/11/13 18:14, ved...@nym.hush.com wrote:
Why does gnupg give these types of error message, as opposed to
simply
stating 'decryption failed: bad passphrase' ??
What kind of relationship is there
On Tue, Nov 19, 2013 at 09:06:18PM +0100, Johan Wevers wrote:
On 19-11-2013 7:07, Robert J. Hansen wrote:
Even then, scrubbing data is usually a sign you've misunderstood the
problem you're trying to solve. If you're concerned about sensitive
data lurking on your hard drive the solution
That depends on your threat model. If you fear juridical problems (say,
for example, some encrypted mails have been intercepted by the police
but they can't decrypt them), destroying the key will prevent you from
having to hand it over. In some jurisdictions this may be seen as
contempt of court,
On 11/19/2013 3:50 PM, Robert J. Hansen wrote:
[...]
then used to do all further crypto operations. To put the data forever
beyond recovery, you generate a new nonce, encrypt it with the same
passphrase, and write it over the old nonce. If someone demands your
cryptographic key you can
On Tue, Nov 19, 2013 at 02:50:20PM -0800, Robert J. Hansen wrote:
That depends on your threat model. If you fear juridical problems (say,
for example, some encrypted mails have been intercepted by the police
but they can't decrypt them), destroying the key will prevent you from
having to hand
On 11/19/2013 6:03 PM, Chris De Young wrote:
I'd be surprised if this gets you very far in a US court.
Depends on when you did it and why. Many businesses have document
retention policies (crafted with the assistance of counsel) that specify
old documents are to be put beyond recovery, and
20 matches
Mail list logo
