Hi Diego,
On 23.11.2015 at 09:42, NdK wrote:
> On 23/11/2015 08:56, Jan Suhr wrote:
>
>>> I didn't look at the code (so this could be completely wrong and I'd be
>>> happy!), but if the OTP key is decrypted using a key in the chip after
>>> verifying that the card accepts the PIN, then it's
Among the privacy-concerned, there is a strong impulse to use the hardest
possible cryptography. The truth is that 2048-bit keys and a 256-bit hash
algorithm are completely secure against brute force attacks, and barring
any surprising developments in cryptanalysis, will remain so for a good
long t
Thank you Robert and Peter.
It appears that information I had read previously was erroneous. I was
under the impression the capabilities (at least for the primary key)
were set in stone, hence my apprehension at avoiding those insatiable
knobs and gears I like to tinker with. ;)
This thread has b
> The same can be said for almost any complex system, software or not.
Absolutely. Please don't misinterpret what I said as trying to dissuade
you from curiosity. I'm just urging you to not let your curiosity lead
you into making poor decisions from the get-go.
The following anecdote is meander
On 23/11/15 17:20, James wrote:
> If you create a primary key, upload it to a public
> keyserver and later decide: "hrm, my public key should really only
> certify, not sign," it's a bit too late. (although not impossible,
> difficult to change ex post facto).
Okay, so let me answer this one detai
Robert,
I appreciate the input and hear you loud and clear.
I respect that GPG makes sane, technically secure and well-thought-out
decisions. As I mentioned in my previous response, the folks that
designed and coded GPG are likely far more intelligent than I. This
does not assuage my deep curiosi
Hi,
I've done some more testing and found out that the problem starts to
exist with openssh version 6.8p1. With 6.7p1 everything works perfect. I
downloaded the openssh tarballs one by one, compiled with
./configure;make and just copied the "ssh" binary.
I was able to reproduce the problem w
> - I believe that GPG has sane settings out-of-the-box, but prefer to
> verify that trust. ;) Why doesn't GPG set the digest algorithm to
> SHA512 instead of 256 out of the box?
For the same reason it doesn't default to RSA-4096: because the authors
are unconvinced there's a need. Longer is not
All,
I'm pleasantly surprised by the warm and helpful reception of this
community to my many questions. Thank you all in advance for your
detailed and thorough responses. The conversation thus far has been
quite thought-provoking.
I thoroughly read and re-read the responses in this thread, tinker
On 23/11/15 08:54, Jan Suhr wrote:
> 2nd factors are usually not access protected at all e.g. may have a
> display (which allows funny hacks[1]).
Ah, that makes sense! I forgot about that because I myself would
actually like an OTP protected by PIN as complete two-factor solution
(have the device
On 23/11/2015 08:56, Jan Suhr wrote:
>> I didn't look at the code (so this could be completely wrong and I'd be
>> happy!), but if the OTP key is decrypted using a key in the chip after
>> verifying that the card accepts the PIN, then it's even worse, since
>> that master key is in cleartext
Hi Ndk,
On 21.11.2015 18:23, NdK wrote:
On 21/11/2015 12:07, Peter Lebbing wrote:
Personally, I don't really see yet why the latter is so important;
however, gaining the ability to issue OTP's by simply inserting my own
OpenPGP card with my own PIN seems serious? Do I misunderstand it?