There are various claims going around about how GnuPG should be
disabling SHA1 now; the competent cryptographers I know are pointing out
that a collision is not a second pre-image, don't panic and cargo-cult
(but also yes it's time and past time to be making sure we have a clear
path away). I'm
If you read the announcement Google never uses the words "completely broken"
that you attribute to them. I believe that was someone else's characterization.
Mis-attribution and name calling can also be unhelpful.
Google's security team has been the driving force behind two major security
On 23 February 2017 at 19:24, wrote:
> Today was announced that SHA1 is now completely broken
> https://security.googleblog.com/2017/02/announcing-first-
> sha1-collision.html
This is nonsense.
Google security team calling sha1 "completely broken" simply means google's
security
On 23/02/17 13:36, Gerd v. Egidy wrote:
> So I think that this would move the bar for a possible user of paperbackup.py
> higher than I want to.
Yes, it should be easy to use. In fact, I've sometimes heard the
complaint that "paperkey is not easy to install and/or use". That's
really too bad
On 2/23/2017 at 4:52 PM, si...@web.de wrote:...
Not sure about you but I am not able to see the difference between a
valid pgp key and "gibberish" ;)
...
=
In the example of the 2 pdf's, they started with one pdf, made
another pdf, then multiple (more than billions) trials of adding a
On Thursday 23 February 2017 23:38:36 Leo Gaspard wrote:
> On 02/23/2017 09:00 PM, Robert J. Hansen wrote:
> > [...]
> >
> > To which I said, "Create two keys with the same fingerprint. Sign a
> > contract with one, then renege on the deal. When you get called
> > into court, say "I never
On 23/02/17 11:00, Gerd v. Egidy wrote:
> Seems you are trusted by much more people than me ;)
More people trust that that key is mine, they don't trust me as a
person, my actions or my certifications. dkg already answered that bit
:-). These are mostly people I've met at a keysigning party. They