Re: Changing passphrase parameters (s2k options)

2017-01-25 Thread Werner Koch
On Mon, 23 Jan 2017 13:34, pe...@digitalbrains.com said: > (FWIW, I don't think you can currently do either. Possibly you can > change the s2k-count via the agent protocol, but that might not pertain No, that is not possible. Right now the agent always uses AES and S2K parameters which require o

Re: gnupg website

2017-01-25 Thread Werner Koch
On Wed, 25 Jan 2017 01:05, si...@web.de said: > not sure this is the perfect place, but I wanted to point out that the > gnupg.org website still uses sha1 as a mac. Despite that SHA-1 is not yet broken they now even claim that HMAC-SHA1 is broken? I do not even know a theoretical attack on HMA

Re: gnupg website

2017-01-25 Thread Andrew Gallagher
> On 25 Jan 2017, at 08:52, Werner Koch wrote: > > On Wed, 25 Jan 2017 01:05, si...@web.de said: > >> not sure this is the perfect place, but I wanted to point out that the >> gnupg.org website still uses sha1 as a mac. > > Despite that SHA-1 is not yet broken they now even claim that HMAC-SH

Re: gnupg website

2017-01-25 Thread Peter Lebbing
On 25/01/17 09:52, Werner Koch wrote: > OCSP is used as an alternative to CRLs and not directly related to > privacy. The OP might have meant "OCSP Stapling" which includes the OCSP data in the data sent by the webserver during TLS session setup. That way, the OCSP data doesn't need to be fetched

Re: gnupg website

2017-01-25 Thread Robert J. Hansen
> This whole banning of SHA-1 and 3DES for public https servers and in > particular ssllabs' new grades is mostly security theater. For that matter, I'm still in the dark as to what the big problem with three-key 3DES is. The best attack against it requires more RAM than exists in the entire worl

Mail address to account conversion (keybase.io)

2017-01-25 Thread Felix Van der Jeugt
Dear all, Recently, keybase.io stopped their email forwarding service. Now, my noc...@keybase.io uid can no longer receive email. I'd normally revoke the uid, but my account, keybase.io/noctua, can still receive messages through the website. I'm in a dilemma now: should I revoke the uid because t

Re: Mail address to account conversion (keybase.io)

2017-01-25 Thread Andrew Gallagher
On 25/01/17 14:51, Felix Van der Jeugt wrote: > Dear all, > > Recently, keybase.io stopped their email forwarding service. Now, my > noc...@keybase.io uid can no longer receive email. I'd normally revoke > the uid, but my account, keybase.io/noctua, can still receive messages > through the website

Smartcard working completely with GPG2 and incompletely with GPG1.4

2017-01-25 Thread chris . p . 16
Hello all, after using GnuPG since 2014 I now purchased a Nitrokey USB smartcard. I set it up mainly* following the steps at https://wiki.fsfe.org/TechDocs/CardHowtos/CardWithSubkeysUsingBackups with GnuPG 2 and tried to configure GnuPG 1.4 to work likewise (on Linux Mint, it's installed as we

Re: gnupg website

2017-01-25 Thread sivmu
Am 25.01.2017 um 12:14 schrieb Peter Lebbing: > On 25/01/17 09:52, Werner Koch wrote: >> OCSP is used as an alternative to CRLs and not directly related to >> privacy. > > The OP might have meant "OCSP Stapling" which includes the OCSP data in > the data sent by the webserver during TLS session

Re: gnupg website

2017-01-25 Thread Damien Goutte-Gattat
On 01/25/2017 02:41 PM, Robert J. Hansen wrote: For that matter, I'm still in the dark as to what the big problem with three-key 3DES is. The best attack against it requires more RAM than exists in the entire world and only reduces it to 112 bits. The main problem would be its 64-bit block siz

Re: gnupg website

2017-01-25 Thread sivmu
Am 25.01.2017 um 22:25 schrieb Damien Goutte-Gattat: > On 01/25/2017 02:41 PM, Robert J. Hansen wrote: >> For that matter, I'm still in the dark as to what the big problem with >> three-key 3DES is. The best attack against it requires more RAM than >> exists in the entire world and only reduces

RE: gnupg website

2017-01-25 Thread Robert J. Hansen
> The main problem would be its 64-bit block size. Apparently there's a > "practical" attack against 64-bit ciphers as used in TLS [1]. Quoting from the abstract: "In our proof-of-concept demos, the attacker needs to capture about 785GB of data." I question the wisdom of any system which sends

Re: gnupg website

2017-01-25 Thread sivmu
Am 25.01.2017 um 23:00 schrieb Robert J. Hansen: >> The main problem would be its 64-bit block size. Apparently there's a >> "practical" attack against 64-bit ciphers as used in TLS [1]. > > Quoting from the abstract: "In our proof-of-concept demos, the attacker > needs to capture about 785GB

Re: Mail address to account conversion (keybase.io)

2017-01-25 Thread Christian Heinrich
Felix, On Thu, Jan 26, 2017 at 1:51 AM, Felix Van der Jeugt wrote: > Recently, keybase.io stopped their email forwarding service. Now, my > noc...@keybase.io uid can no longer receive email. I'd normally revoke > the uid, but my account, keybase.io/noctua, can still receive messages > through the

Re: Mail address to account conversion (keybase.io)

2017-01-25 Thread Felix Van der Jeugt
Excerpts from Christian Heinrich's message of 2017-01-26 09:19:42 +1100: > On Thu, Jan 26, 2017 at 1:51 AM, Felix Van der Jeugt > wrote: > > Recently, keybase.io stopped their email forwarding service. Now, my > > noc...@keybase.io uid can no longer receive email. I'd normally revoke > > the uid,

RE: gnupg website

2017-01-25 Thread Robert J. Hansen
> There are proofs of concept against TLS and openvpn https://sweet32.info/ Sure, but those proofs-of-concept require *hundreds of GB of traffic*. That's the sort of thing that causes a lot of crypto nerds to twitch and mutter "rekey, rekey".

Re: Mail address to account conversion (keybase.io)

2017-01-25 Thread Felix Van der Jeugt
Excerpts from Andrew Gallagher's message of 2017-01-25 18:10:56 +: > True, people might try to email you on that ID, but the worst that > will happen is they get a bounce (and you have other, usable IDs on > the same pubkey I assume). I indeed do have those, but I'm not sure keybase will bounc

Re: Mail address to account conversion (keybase.io)

2017-01-25 Thread ankostis
Maybe that's an opportunity to put to use "notations", and self-sign the keybase-uid using --cert-notation. Of course, nobody would care to check that, but would there be any other issue down this road? Kind Regards, Kostis On 25 January 2017 at 23:39, Felix Van der Jeugt < felix.vanderje...@gm

sha1 pgp fingerprint

2017-01-25 Thread sivmu
I have been wondering for a while about the use of sha1 in pgp fingerprints. Although sha1 may not be easily broken in practice, there are theoretical collision attacks that are feasible for well funded organisations. Cryptographers, like Bruce Schneier, have been recommending for years to migra

Re: gnupg website

2017-01-25 Thread Antony Prince
On 1/25/2017 4:36 PM, sivmu wrote: > Basically if you can collect a few hundred GB of data, it is trivial to > calculate the key. There is a proof of concept for https connections, > although I believe this is especially relevant for VPN connections > (openvpn uses a 64 bit ciphers (blowfish) by de

Re: gnupg website

2017-01-25 Thread Andrew Gallagher
On 2017/01/25 21:07, sivmu wrote: > Anyways ssllabs shows a warning that the website will be degraded > from A to C in a month. Not sure that matters all that much, but if > there is an opportunity to change the available ciphers at some > point... I've looked into this and I'm not sure why ssl

Re: gnupg website

2017-01-25 Thread Glenn Rempe
I would also like to note that gnupg.org does not appear to work on the latest versions of Apple iOS or macOS Safari due to TLS cert issues. It fails to load in Safari on either platform (but Chrome and Firefox do work on macOS, Safari is the only b

Re: Smartcard working completely with GPG2 and incompletely with GPG1.4

2017-01-25 Thread NIIBE Yutaka
Hello, Thank you for your report in detail. chris.p...@gmx.de wrote: > The commands gpg --card-status and gpg2 --card-status seem to display > mainly the same things, the only strange line is "Key Attributes" at > GPG 1.4: gpg 1.4 can use gpg-agent by the option use-agent. I think that you enab