On Mon, Sep 12, 2016 at 01:31:38PM -0500, Anthony Papillion wrote:
> I understand what S/MIME is and that it's probably the easiest crypto
> solution for most email users. But why would someone comfortable with
> GnuPG use it? Does it offer any advantages over traditional PGP keys? If I
On Tue, Dec 02, 2014 at 01:57:13PM +0530, Robin Mathew Rajan wrote:
Where can I get my keys signed? Does anyone here provide keysigning services
through video conference? :)
Yes. You can get me through Tox. My Tox ID is:
76AC69FEB7DA042DFD75F30574CEE3C6498DF9DD766E1D78FC5CB4693CA10BD381F696
On Tue, Dec 02, 2014 at 10:23:13AM -0700, Aaron Toponce wrote:
Yes. You can get me through Tox. My Tox ID is:
76AC69FEB7DA042DFD75F30574CEE3C6498DF9DD766E1D78FC5CB4693CA10BD381F696
Hmm. It seems to have been truncated in the paste. The actual Tox ID
On Wed, Nov 05, 2014 at 09:21:14PM +0100, Werner Koch wrote:
I am looking for one or two people who would like to fill the @gnupg
Twitter account with some life.
I am not one of those short message people but Twitter seems to be a big
deal these days. Thus if someone would be interested to
On Mon, Oct 27, 2014 at 03:51:04PM -0400, Robert J. Hansen wrote:
I just don't want to ask my friend to put together something on the
subject and then discover there's no interest in it -- it seems
disrespectful to Professor Johnson. :)
I think there will be great interest on the list for it.
On Fri, Aug 22, 2014 at 12:46:38AM +0200, Gabriel Niebler wrote:
On the contrary, IMO this sort of thing is fully encompassed by the
word surveillance, at least as far as I have always understood it.
Otherwise any surveillance camera installed in a public or publicly
accessible place would not
On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote:
Perhaps it would be a start if sites providing SMTP would turn on
STARTTLS.
STARTTLS does not encrypt mail. It only provides safe passage over the network.
It is also client/server encrypted and decrypted. Thus, an administrator with
On Mon, Aug 18, 2014 at 12:24:43PM -0400, Mark H. Wood wrote:
Sure, it does encrypt mail. My SMTP has mail from me to deliver. It
contacts an SMTP that it thinks can get the mail closer to its
addressee. My SMTP sends STARTTLS, the receiving SMTP agrees, they
handshake, and the rest of the
On Thu, Aug 14, 2014 at 05:13:08PM +0100, OmegaPhil wrote:
Fair point, although that would be a network misconfiguration as
ping/ICMP is required for network troubleshooting, packet fragmentation
stuff etc (for reference I'm testing from a dedicated line that I control).
Blocking ICMP is not a
As per my understanding of the gpg(1) manpage, '--ignore-time-conflicts' should
suppress messages such as the one in the subject. However, that doesn't seem to
be the case: http://ae7.st/p/2u6. It appears that only when redirecting STDERR
to /dev/null is it suppressed. Is this expected behavior, or
On Wed, Jun 18, 2014 at 07:28:32AM -0600, Aaron Toponce wrote:
As per my understanding of the gpg(1) manpage, '--ignore-time-conflicts' should
suppress messages such as the one in the subject.
Er, '--ignore-time-conflict'. Singular, not plural.
--
. o . o . o . . o o . . . o .
. . o
On Wed, May 14, 2014 at 11:32:07AM +1000, Fraser Tweedale wrote:
This behaviour also occurs for me in 2.0.22. Instead of exporting
the key, you could use --list-keys, which works for me:
Yeah, I'm not interested in running it from the keyring, as I am assuming that
the key is not imported,
On Tue, May 13, 2014 at 11:30:21PM -0400, David Shaw wrote:
Looks like a bug. Note that on each of the keys that didn't work there is a
direct signature on the key. This is not very common, and is usually used
for a designated revoker (i.e. I permit so-and-so to revoke my key for me).
I
On Wed, May 14, 2014 at 06:26:31PM +0200, Werner Koch wrote:
Ah. Interesting. Should I file a proper bug against GnuPG then?
Please do that.
Done. https://bugs.g10code.com/gnupg/issue1640
Thanks,
I don't know if this is a bug, or if I am doing something wrong, so I might as
well ask here. I ran the following command from my terminal, and cannot
retrieve the fingerprint from the file:
$ gpg --output 0xBB065B251FF4945B.gpg --export 0xBB065B251FF4945B
$ gpg --with-colons
On Fri, Jun 29, 2012 at 01:45:17PM -0400, Robert J. Hansen wrote:
IMO, if your client is showing correct PGP/MIME signatures on this list,
you should file a defect report about your client. The message has been
changed in transit and is no longer in the exact same state as it was
when the
On Mon, Jun 25, 2012 at 08:44:11PM +0200, Werner Koch wrote:
On Mon, 25 Jun 2012 20:12, aaron.topo...@gmail.com said:
So, if the system can be improved by removing support for PGP2, which
includes cleaning up code, squashing bugs, and tightening security, then
why is it still around? 20
On Tue, Jun 26, 2012 at 01:12:12AM -0400, ved...@nym.hush.com wrote:
it will be interesting to see if V4 keys will be gracefully
abandoned as SHA1 becomes as broken as MD5,
or if there will be die-hards holding onto their V4 keys no
matter what ...
Please fix your client. I don't
On Mon, Jun 25, 2012 at 12:11:57AM +0200, Werner Koch wrote:
I am telling for more than a decade that PGP 2 should not be used
anymore. The rationale for this was that OpenPGP is a standard and
fixes great many problems of PGP 2. GnuPG supports PGP 2 only because
this provides a way to
On Fri, Jun 22, 2012 at 10:21:35AM -0400, ved...@nym.hush.com wrote:
vulnerability in that their fingerprint mechanism is trivially gamable,
so long keyid collisions are easy.
[snip]
Please fix your mail client. It is breaking threads.
Thanks,
On Sun, Jun 17, 2012 at 07:26:27PM +0200, Hauke Laging wrote:
This is the result (with a cached passphrase, of course). It's the same for a
zeros file and a urandom file. And this is on a power efficient CPU... (E-450,
which I guess doesn't have AES acceleration) probably without
On Sat, Jun 16, 2012 at 07:54:46PM +0200, Hauke Laging wrote:
Are these files huge? It's hard for me to believe that this takes seconds.
What I would easily believe is that the system gets an entropy problem. The
delay would not be related to CPU performance then. So maybe a hardware RNG
I'm curious what progress, if any, has been made towards supporting GPUs
for encryption, decryption, signatures and verifications. I recently just
purchased two Zotac 32-bit PCI cards with 96 CUDA cores (I'm out of PCIe
slots) for the sole purpose of GPGPU research and sandboxing.
We use GPG at
On Wed, May 23, 2012 at 08:07:54PM +0100, da...@gbenet.com wrote:
Openpgp/enigmail does not support gpg2 unless one has installed gpg
1.4.11 - but I no longer trust Openpgp/enigmail to do anything.
That's unfortunate. While I'm mostly a Mutt user these days, I have Debian
Icedove installed with
On Tue, Mar 27, 2012 at 06:46:42AM +, auto15963...@hushmail.com wrote:
I noticed that this list is also available on gmane as
gmane.comp.encryption.gpg.user, which allows retrieving the
messages in a newsreader in lieu of in email. I prefer the
newsreader format. Is there any reason I
On Thu, Mar 22, 2012 at 09:24:06AM -0600, Eric wrote:
After installing gpg4win-2.1.0 the email button from excel (2003)
will not send out mail. It will put the mail in my Outlook inbox
instead of sending it.
Can't forward the email because it hammers the formatting. Is there
a fix or do I
I just signed an OpenPGP key with cert level 0x12 (casual checking) given
the following scenario:
* A PGP key was signed by an SSL certificate that was signed by a root CA
* I verified that the signature was indeed from that root CA.
* I stripped the signature, and imported the
On Sat, Jan 21, 2012 at 02:47:25PM -0500, Thomas Harning Jr. wrote:
That process seems pretty reasonable, assuming the CA is reputable. Even
better if you keep track of the SSL cert to keep track of breaches and the
like.
The idea is only to casually trust that a key belongs to a person. If
On Wed, Jan 11, 2012 at 01:56:58PM +0100, Werner Koch wrote:
You should use the modern crypto implementation of mutt. You merely need
to add
set crypt_use_gpgme
to ~/.muttrc. This uses a now also 10 years old mode of mutt which far
better integrates crypto than the old command based one.
need a passphrase to unlock the secret key for
user: Aaron Toponce aaron.topo...@gmail.com
1792-bit ELG key, ID E7D41E4B, created 2004-09-18 (main key ID 8086060F)
The problem with Mutt is the fact that when changing folders or accounts,
it briefly flashes what is on the terminal behind
On Thu, Dec 29, 2011 at 02:57:01PM +0300, Stayvoid wrote:
How to sign my own public key?
I've read that this is important.
Here is the link: http://www.heureka.clara.net/sunrise/pgpsign.htm
Whenever you make changes to your key, it's automatically signed by you.
On Wed, Dec 28, 2011 at 12:32:44AM +0100, Jerome Baum wrote:
On 2011-12-28 00:27, Aaron Toponce wrote:
On Tue, Dec 27, 2011 at 11:23:50PM +0100, Jerome Baum wrote:
I can't tell for gpg specifically but it's not so much about
characters. It's about entropy. Natural language is redundant
There may be some errors in my reply, so if so, please notify me.
On Tue, Dec 27, 2011 at 11:23:50PM +0100, Jerome Baum wrote:
On 2011-12-27 23:14, ved...@nym.hush.com wrote:
The approximate equivalent in brute force work is 20 diceware
words.
[ 7776^19 2^256 7776^20 ].
A string of
On Tue, Dec 20, 2011 at 05:26:49PM +0100, Werner Koch wrote:
Noteworthy changes already found in beta2:
* ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt.
Eager for this. Will we be seeing ECC support in 1.4.x?
On Wed, Dec 21, 2011 at 10:48:35AM -0500, Nicholas Sushkin wrote:
Hi, I think there is a bug in the way KMail is doing S/Mime envelope for signed
but not encrypted messages. I'd like to follow through, but I am not sure if
it's gnupg or KMail, which is the proper forum. Does anyone (Werner) know
On Fri, Dec 16, 2011 at 03:51:34PM +, gn...@lists.grepular.com wrote:
I understand that once you've uploaded something to the keyservers, it
can't be removed. Eg, if I sign someone else's key and upload that, it
will be attached to their key permanently?
What if someone were to generate
On Mon, Oct 17, 2011 at 08:25:04PM +0200, Jerome Baum wrote:
How about an opportunistic approach? This email should include the
following header:
OpenPGP: id=C58C753A;
url=https://jeromebaum.com/pgp
The MUA could recognize a header like this one and remember that there's
a
On Tue, Apr 26, 2011 at 01:12:00PM -0700, Doug Barton wrote:
I think you can delsig, then sign again. The keyservers would have
both, but hopefully client software (like gpg) would be smart enough
to use the more recent? I would imagine that revoking a signature
and then signing again would
On Tue, Apr 26, 2011 at 07:47:55PM -0300, Faramir wrote:
Indeed. In fact, I keep some passwords on paper, just in case I can't
use my password manager (like the password to access the site where I
stored the password manager database backup. It doesn't include the
passphrase to open the
On Sun, Apr 17, 2011 at 03:49:58PM -0700, Doug Barton wrote:
Summary: A 3-word password (e.g., quick brown fox) is secure against
cracking attempts for 2,537 years.
http://www.baekdal.com/tips/password-security-usability
I'm just going to drop this here:
I signed a key, of which defaulted to cert-level 0 (I will not answer),
which must be the default. When signing the key, GnuPG didn't ask me about
any checking. However, I would like to update the cert-level to 2 (I have
done casual checking), but I'm unaware of how to do this. Do I need to
revoke
On Sun, Apr 17, 2011 at 03:49:58PM -0700, Doug Barton wrote:
Summary: A 3-word password (e.g., quick brown fox) is secure against
cracking attempts for 2,537 years.
http://www.baekdal.com/tips/password-security-usability
Yeah, I've read it. It sucks. If an author claims they know something
On Thu, Apr 07, 2011 at 10:31:24AM +0200, takethe...@gmx.de wrote:
Definition: Signing a key means saying: I confirm the full name in
the key's ID is the keyowner's right name. The email address in the ID
is the one the keyowner put there, but I cannot guarantee it's
his/hers.
Yes you can,
On Fri, Apr 01, 2011 at 08:15:44AM -0400, Jerry wrote:
I think you are misunderstanding what I am inferring. For starters,
that is the 5th account that I have heard or known of that was hacked
in March alone. I am sure that the total is far higher based on a simple
statistical accounting of
On Thu, Mar 31, 2011 at 07:25:20PM -0400, Jerry wrote:
On Thu, 31 Mar 2011 15:41:57 -0600
Aaron Toponce aaron.topo...@gmail.com articulated:
http://passwordcard.org will fix that. :)
Dumping GShit would have been my first choice.
Not sure what your problem is. His account got hacked, likely
On Tue, Mar 15, 2011 at 10:22:45AM +0100, Werner Koch wrote:
Yes. Back in 1997 I implemented PGP 2 compatible code as the first
towards GPG. Obviously I needed IDEA and RSA for testing. That is the
reason why we have this code at all. Later a lot of people demanded
that IDEA and RSA should
On Tue, Mar 15, 2011 at 04:14:25PM +0100, Johan Wevers wrote:
I don't know, but I do know that adding IDEA does not complicate or
bloat GnuPG.
You're probably right. I guess I just don't understand supporting dead,
deprecated, proprietary technology, bloat or no bloat.
On 03/13/2011 09:21 PM, Jonathan Ely wrote:
I apologise in advance if this is a stupid question to ask now or if
people already asked it before I stepped on the scene, but which
algorithm is more secure: DSA and EL GAMAL or RSA? I know the latter has
undergone a ridiculous amount of scrutiny
On 03/13/2011 05:42 AM, Jerry wrote:
Actually, it is a fine example of users/MUAs not correctly formatting
e-mail messages thereby forcing the use of a deprecated method.
[citation required]
On 03/13/2011 06:56 AM, Brad Rogers wrote:
On Sun, 13 Mar 2011 06:05:12 -0600
Aaron Toponce aaron.topo...@gmail.com wrote:
Hello Aaron,
On 03/13/2011 05:42 AM, Jerry wrote:
Actually, it is a fine example of users/MUAs not correctly formatting
e-mail messages thereby forcing the use
On 03/13/2011 08:57 AM, Jerry wrote:
Outlook Express has been replaced by Windows Mail, an improved e‑mail
program with enhancements such as junk e‑mail filtering and protection
against phishing messages.
Why are we even discussing a product that is not and has not been
available for quite
On 03/11/2011 01:50 PM, Jonathan Ely wrote:
Hello. I use Enigmail, so of course I have GnuPG installed. I use 1.4.9
because [1] I can not find an executable for 2.0.17 for Windows, and [2]
I do not know how to configure the GPG-agent. Can somebody please assist
me with upgrading to 2.0.17 and
On 02/27/2011 08:27 PM, Robert J. Hansen wrote:
FM: [message]
RM: Hey, that's not me! I'm me. See? I've signed this with the same cert
I've used for everything else on this list.
FM: No, I'm the real Martin. I didn't sign up for this mailing list until
last week. You signed up here a
On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote:
Unfortunately, barring the case where you have an actual trust path to either
Martin, key signatures don't tell you much. After all, FM could easily make
up dozens of fake people keys and use them to sign his key.
Yes. Understood.
On Mon, Feb 28, 2011 at 11:58:02AM -0500, Robert J. Hansen wrote:
On 2/28/11 10:13 AM, Aaron Toponce wrote:
If a key has falsified signatures, it should be easy enough to find out.
Why?
I have never understood the tendency of people, particularly on this
list, to assume that people who
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
David Tomaschik da...@systemoverlord.com wrote:
How about inline confuses users who don't know anything about
OpenPGP?
Meh. If anything, inline signatures sparked conversation.
- --
Sent from my Android phone with K-9 Mail. Please excuse my
On 02/27/2011 12:37 PM, Martin Gollowitzer wrote:
I sign *all* my e-mail except for messages sent from my mobile (in that
case, my signature tells the receiver why the message is not signed and
offers the receiver to request a signed proof of authenticity later) or
messages to people who can't
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Grant Olson k...@grant-olson.net wrote:
Provider: Boost
Manufacturer: Motorola
Model: I1
Droid version: 1.5
This phone has two mail applications by default, one called 'email' and
another called 'gmail'. Both displayed PGP/MIME messages without
On 02/25/2011 08:46 PM, Robert J. Hansen wrote:
On 2/25/11 10:27 PM, Aaron Toponce wrote:
On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
Bruce himself recommends AES over TWOFISH.
[citation needed]
_Practical Cryptography_. Read it. Other people on this list can
provide a page ref: I'm
On 02/26/2011 02:27 PM, Faramir wrote:
Here he says Twofish has speed comparable with AES, without some
vulnerabilities (but Serpent is considered even more secure). However,
he says if AES fails, you won't be blamed for using it (so is the safest
for your career). If you chose Twofish, and
On 02/26/2011 04:37 PM, Faramir wrote:
Because its author says you should move to Twofish?
Dammit! I meant Twofish, not Blowfish. I knew what I meant, but I didn't
type it.
On 02/25/2011 03:22 PM, Ben McGinnes wrote:
You shouldn't need to worry about changing the preferred order. GPG
will determine the most compatible combination of ciphers and hashes
based on the keys used to encrypt messages. For example, my preferred
symmetric cipher is AES-256, but on a
On 02/24/2011 11:43 PM, Robert J. Hansen wrote:
My problem is reproducible on a stock Droid X running 2.2.something --
just got off a very long flight, funeral in the morning: I'll dig the
precise version number tomorrow.
So, I've been doing some triaging to see if I can reproduce this on
On 02/25/2011 07:39 PM, Robert J. Hansen wrote:
Bruce himself recommends AES over TWOFISH.
[citation needed]
I know that he's recommended AES-128 over AES-256, but I've not read
where he's recommended AES over TWOFISH.
I don't trust 3DES
Why? Bruce himself has said that if speed isn't a
Given the release of v1.4.10, the SHA256 hashing algorithm is preferred
over SHA1. Yet, after updating my default preferences with 'setpref' and
signing some text, SHA1 is still used as the default hashing algorithm.
Is there something else I need to do to ensure that I'm using SHA256 by
default
On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
On 24/02/11 8:03 PM, Doug Barton wrote:
You're using a 1024 bit DSA key, which won't allow for 256 bit
hashes. RIPEMD-160 is the largest you can use, and works well for
that kind of key.
Okay. That's understandable. That was
I generated my key back in 2004, and I've been a very vocal and active
supporter of GnuPG, encrypting communications, and digitally signing
mail. However, I was in a discussion with a friend, and the topic came
up that it is theoretically possible to rebuild your private key if
someone had access
On Thu, Feb 24, 2011 at 10:32:11AM -0500, Daniel Kahn Gillmor wrote:
On 02/24/2011 04:03 AM, Doug Barton wrote:
You're using a 1024 bit DSA key, which won't allow for 256 bit hashes.
RIPEMD-160 is the largest you can use, and works well for that kind of key.
This isn't actually the case.
On Thu, Feb 24, 2011 at 08:37:50PM +1100, Ben McGinnes wrote:
Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
Compression: BZIP2, ZLIB, ZIP, Uncompressed
Features: MDC,
On Thu, Feb 24, 2011 at 08:22:03PM -0500, Robert J. Hansen wrote:
On Android's mail application, PGP/MIME attachments are nigh-unusable.
It won't render even the plaintext portions: it has to be downloaded and
opened with a text reader. If you're concerned about your mail being
readable on a
First, there is _ZERO_ documentation for this binary. No manual, no info
page, nothing under /usr/share/doc/, segfaults passing -h or --help.
Short of digging through the source, this is unacceptable.
Second, and probably as a result, I can't get this working for the life
of me. Correct me if I'm
On 10/21/2010 09:28 PM, Jameson Rollins wrote:
Hi, Aaron. You might be interested in some of the tools that come with
the Monkeysphere [0] package, which deals with a lot of OpenPGP for SSH
stuff. It comes with the utility openpgp2ssh, which translates OpenPGP
keys to SSH keys (and is well
73 matches