> It is objectively more secure.
No. Security is inherently subjective. A risk that one person is
willing to bear, another is not; a risk one person deems catastrophic,
another deems insignificant.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
h
On 20/04/17 21:17, Paul Taukatch wrote:
> Does anyone know exactly what this verify data is comprised of?
"data" seems to be correct: it is an EMSA-PKCS1-v1_5 encoded RSA SHA-256
signature. As RFC 3447 states:
EM = 0x00 || 0x01 || PS || 0x00 || T.
PS is a string of binary 1's to fill up the rema
On Sun, Apr 23, 2017 at 08:42:45PM -0400, Robert J. Hansen wrote:
> > There are a
> > few possible attacks that the use of a smartcard mitigates, and
> > therefore a smartcard key *is* more secure than a non-smartcard key
>
> No. It's more secure *only if those attacks are within your threat
> pr
Appreciate the feedback but I have indeed reread the RFC specification
quite thoroughly and still can't seem to figure out the issue. Don't mean
to spam the mailing list but is there any chance someone might have a bit
more insight into this. Quite stumped!
Thanks,
Paul Taukatch
Advanced Technolo
On Mon, Apr 24, 2017 at 07:50:15AM +, listo factor via Gnupg-users wrote:
> "...the general purpose
> operating system is fundamentally inadequate for trusted
> operations."
...
> The use of smartcards is to me only a welcome sign that a
> growing segment of gpg users appears to agree with that
> Look at how many people think 3DES is obsolete, for instance, or that
> anything less than AES256 is risky.
My bad: I used "obsolete" when I should've said "insecure". I fully
agree 3DES is obsolete; it's the "3DES is insecure" which is,
IMO, unsupported and faddish.
(The best attack on 3DES r
> The use of smartcards is to me only a welcome sign that a
> growing segment of gpg users appears to agree with that
> proposition.
The overwhelming majority of GnuPG users do not know enough about
information security to have an opinion worth listening to.
More than that, they shouldn't need to
On 04/24/2017 12:42 AM, Robert J. Hansen wrote:
-- but [smartcards] do not rise to the level listo is
> ascribing to them...
The central argument I've been making in this thread is not the
promotion of smartcards, it is something best summarized by
the quote from the Laurie-Singer paper: "...th
