Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-07 Thread Hubert Kario
to the GPG project (basically only the people that would have the means, knowledge and time to bisect the issue). Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl

Re: More secure than smartcard or cryptostick against remote attacks?

2013-02-06 Thread Hubert Kario
the metadata very carefully. I'd suggest to make a habit of not trusting PDF files with currently invalid timestamps... Or files without cryptographic timestamps with currently invalid signatures... Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48

Re: air gap private key?

2013-02-04 Thread Hubert Kario
the traffic from the offline machine can be one-way Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl smime.p7s Description: S/MIME cryptographic signature ___ Gnupg

Re: Is a document signed with hellosign legally binding?

2013-01-03 Thread Hubert Kario
to their service. gmail can do just as much. I'd say if the other person signing a contract is also using gmail it's just as secure and trustworthy. But maybe it's just my bias against crypto that doesn't use DSA/RSA/ECC... Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul

Re: Seperate RSA subkeys for decryption and signing or one for both?

2012-12-04 Thread Hubert Kario
of thousands of documents with it, an attacker can recover substantial portion of the key and speed up the key recovery. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl

Re: Seperate RSA subkeys for decryption and signing or one for both?

2012-12-04 Thread Hubert Kario
On Tuesday 04 of December 2012 14:14:34 Hauke Laging wrote: Am Di 04.12.2012, 13:19:11 schrieb Hubert Kario: Keys can become used up so it entirely depends on how often you use it. What I mean by that, is that any signing operation leaks some information about the key used for signing

Re: Seperate RSA subkeys for decryption and signing or one for both?

2012-12-04 Thread Hubert Kario
On Tuesday 04 of December 2012 16:07:26 Nicholas Cole wrote: On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario h...@qbs.com.pl wrote: On Monday 03 of December 2012 12:41:10 Hauke Laging wrote: Hello, are there arguments for preferring either a) having one RSA subkey for decryption only

Re: Seperate RSA subkeys for decryption and signing or one for both?

2012-12-04 Thread Hubert Kario
On Tuesday 04 of December 2012 16:07:26 Nicholas Cole wrote: On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario h...@qbs.com.pl wrote: On Monday 03 of December 2012 12:41:10 Hauke Laging wrote: Do any problems arise with the smartcard if the same key shall do different tasks? Keys can

Re: new release of GPA

2012-10-30 Thread Hubert Kario
not make it more or less so. Just shut it and stop making a fool out of yourself. -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg

Re: Is it possible to construct a GPG Certificate from an existing RSA key pair

2012-10-06 Thread Hubert Kario
to know. There is some support for PGP in Bouncy Castle, so if is possible you should look at their API. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl

Re: collision vs. preimage attacks: policy for signing data created by others

2012-10-05 Thread Hubert Kario
On Friday 05 of October 2012 01:13:54 Hauke Laging wrote: Am Do 04.10.2012, 22:09:27 schrieb Hubert Kario: won't the answer to that depend on the hash in question? Probably. So the question could be changed to: For which hashes does the value change and for which not? Limited to the hashes

Re: use of multiple keys

2012-09-25 Thread Hubert Kario
be usable as long as the user knows what he's doing. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http

Re: gpg clear signed message on website

2012-09-03 Thread Hubert Kario
(in linux: diff (hexdump -C original.txt) (hexdump -C copy-from-website.txt) I'd guess have a problem with line endings Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl

Re: what is killing PKI?

2012-08-28 Thread Hubert Kario
, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: what is killing PKI?

2012-08-28 Thread Hubert Kario
it personally though. We've got plenty of tinfoil hatted individuals, shills or plain misinformers on this list in the past. *Because* it's a cryptography list. Whatever your ID looks like a real name or not has nothing to do for it. Over and out. Regards, -- Hubert Kario QBS - Quality Business Software

Re: Elliptic Curve Cryptography

2012-08-13 Thread Hubert Kario
they won't be verifable anyway. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman

Re: learning curve like Monte Cervino

2012-08-02 Thread Hubert Kario
, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: [OT] Multi-user hierarchical password management via pki

2012-07-27 Thread Hubert Kario
it, let alone use. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo

Re: [OT] Multi-user hierarchical password management via pki

2012-07-27 Thread Hubert Kario
in the first place. It is no different than changing the data inside the entry... It requires usage of cryptographic primitives, not simple wrapers aroung gpg but it's completely doable. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646

Re: can someone verify the gnupg Fingerprint for pubkey?

2012-06-06 Thread Hubert Kario
of fingerprint. Regards, Hubert Kario Date: Wed, 6 Jun 2012 09:31:15 -0400 From: shavi...@gmail.com To: gnupg-users@gnupg.org Subject: Re: can someone verify the gnupg Fingerprint for pubkey? Sam Smith snt123-w473749522376a8d4b7b6eac2...@phx.gbl June 6, 2012 9:25:37 AM wrote: Sam Smith

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-30 Thread Hubert Kario
if the planting is uncoordinated. As a thought experiment, what happens when all the real protesters have gone on to something else and plants from various agencies make up 100%? Ahh, the Memoirs Found in a Bathtub! Well written book, quite captivating. -- Hubert Kario QBS - Quality Business Software 02

Re: getting an encrypted file to show what public key was used

2012-05-29 Thread Hubert Kario
any form of crypto is hard enough. We don't need to show them that it doesn't fix all problems... Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg

Re: PGP interoperability

2012-05-25 Thread Hubert Kario
for asymetric crypto, I'd say you're probably right. But that's just speculation, we will know in 30 - 40 years... :) Regards. -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl

Re: There may be more to security than password length, or even its complexity.

2012-05-23 Thread Hubert Kario
... Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Hubert Kario
memo? Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Some people say longer keys are silly. I think they should be supported by gpg.

2012-05-22 Thread Hubert Kario
would be to invest in a sturdy steel codpiece and a long passphrase. David everything that could be invented has been invented 640k ought to be enough for anybody Do we really have to repeat the history? Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30

Re: SSH Agent keys 4096 bit?

2012-05-05 Thread Hubert Kario
RSA or (which is unmaintainable) manually force use of 8k DH. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl ___ Gnupg-users mailing list Gnupg-users

Re: SSH Agent keys 4096 bit?

2012-05-05 Thread Hubert Kario
On Friday 04 of May 2012 08:40:31 Robert J. Hansen wrote: On 05/04/2012 06:07 AM, Hubert Kario wrote: It still doesn't change the overall picture: 1. migrating to ECC is hard and complicated 2. using 8k RSA is easy Nor does it change 3. using 8K RSA gives a modest increase

Re: SSH Agent keys 4096 bit?

2012-05-05 Thread Hubert Kario
On Saturday 05 of May 2012 20:03:04 Peter Lebbing wrote: On 05/05/12 15:49, Hubert Kario wrote: As far as I know, OpenSSH uses DH parameters of the same size as the RSA keys: for 8k DH you need 8k RSA or (which is unmaintainable) manually force use of 8k DH. Okay, going out on a limb

Re: SSH Agent keys 4096 bit?

2012-05-04 Thread Hubert Kario
passed over secure links are passwords and http cookies. Which basically never have validity of over 10 years and 1 year respecitvely. Thing is, that is not the only use-case of crypto systems. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48

Re: SSH Agent keys 4096 bit?

2012-05-03 Thread Hubert Kario
in comparision. Using large keys would be stupid only if you need low latency/high IOPS system that can't use long lasting secure channels: web servers. But that's not our use case. Regards, Hubert Kario [1]: http://www.ssi.gouv.fr/IMG/pdf/RGS_B_1.pdf [2]: Practical Cryptography, Chapter: RSA Defined

Re: verify TrueCrypt

2012-02-22 Thread Hubert Kario
The truecrypt-7.1a-linux-x64.tar.gz.sig file is only 72 bytes long. It may be because of long keys used by Arch developers, but all signature files I see are 287 bytes long. I'd go and ask the developers directly. -- Hubert Kario hub...@kario.pl ka...@wit.edu.plhttps://hubert.kario.pl

Re: Creating a key bearing no user ID

2012-01-23 Thread Hubert Kario
. they can be made useless with only a little bit of know-how and few simple tools. The only known working attacks on cryptography use brute force: similar to going through the wall, when the doors with a lock are too big of an obstacle. Regards, -- Hubert Kario QBS - Quality Business Software

Re: Creating a key bearing no user ID

2012-01-23 Thread Hubert Kario
On Monday 23 of January 2012 18:18:35 Robert J. Hansen wrote: On 1/23/12 11:34 AM, Hubert Kario wrote: And there's a very good reson why you shouldn't be a fan of such comparisions: Unlike physical security, properly implemented cryptography is unbreakable at this time. This, of course

Re: keyserver spam

2011-12-20 Thread Hubert Kario
use is funny. But then, what can they do when people forget their passwords 5 minutes after they set them or use the same password on facebook and their bank... If only the horse battery staple correct method was taught as *the* method for creating and remembering passwords... -- Hubert Kario QBS

Re: keyserver spam

2011-12-20 Thread Hubert Kario
On Tuesday 20 of December 2011 17:34:24 Johan Wevers wrote: On 20-12-2011 16:49, Hubert Kario wrote: Yeah, the kind of protections banks use is funny. But then, what can they do when people forget their passwords 5 minutes after they set them or use the same password on facebook

Re: Which ExpressCard/54?

2011-11-19 Thread Hubert Kario
hands-on experience with them or other suggestions? The gemalto reader is actually a USB card reader, so any experience with USB readers should also apply. -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl

Re: Win7: Kleopatra does not open

2011-10-22 Thread Hubert Kario
On Friday 21 of October 2011 11:21:59 Roland Siemons (P) wrote: Therefore I need to be able to execute Kleopatra or GPA. Unfortunately Kleopatra does not work. Kleopatra is part of KDE, so you may have more luck with asking on the KDE mailinglist. -- Hubert Kario QBS - Quality Business

Re: STEED - Usable end-to-end encryption

2011-10-19 Thread Hubert Kario
if you know the person) and the full can be verified just as easily. The problem is that people don't feel the need for authentication and privacy in e-mail. They feel that e-mail is secure (after all I use encryption to my e-mail server). Regards, -- Hubert Kario

Re: Extract numbers from a key

2011-08-14 Thread Hubert Kario
On Sunday 14 August 2011 14:05:02 Peter Lebbing wrote: On 14/08/11 13:41, Hubert Kario wrote: From what I learned, RSA cracking is basically an exaustive search. If your prime is composite, it is at most half as long as a real prime would be. So, instead of a ~1024 bit prime you have

Re: How secure are smartcards?

2011-07-26 Thread Hubert Kario
On Monday 25 of July 2011 17:45:16 Werner Koch wrote: As it is not possible to secretly read out the key you will almost always have the opportunity to revoke the key before a damage is possible. The key is also useful for decrypting past communication... Regards, -- Hubert Kario QBS

Re: How secure are smartcards?

2011-07-24 Thread Hubert Kario
of thousand of dollars. Not to mention that you have only one try at it... It's at the point that any real attacker would perform rubber hose cryptanalysis. Even before trying to break the card. Regards, -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22

gpgsm and OCSP problems

2011-07-20 Thread Hubert Kario
: Unknown system error -- Hubert Kario QBS - Quality Business Software 02-656 Warszawa, ul. Ksawerów 30/85 tel. +48 (22) 646-61-51, 646-74-24 www.qbs.com.pl smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users