Re: SHA1 collision found

On 23 February 2017 at 19:24, wrote: > Today was announced that SHA1 is now completely broken > https://security.googleblog.com/2017/02/announcing-first- > sha1-collision.html This is nonsense. Google security team calling sha1 "completely broken" simply means google's security

Re: about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'

On 24 December 2015 at 17:02, Matthias Apitz wrote: > > Hello, > > I do not fully understand why some 4 random words like > > Correct, horse! Battery staple! > > is a better passphrase like, for example > > Und allein dieser Mangel und nichts anderes führte zum

PGP people said "I will only trust people I've had a beer with."

This is a great conversation in general, including the inventors of the web and the internet, pushing for more crypto http://www.w3.org/2015/10/27-tpac-minutes.html Vint: I would like to challenge people who are concerned about security...is there some irreducible level of inconvenience that's

Re: Facebook and OpenPGP

On 1 October 2015 at 17:56, Jon Millican wrote: > On 26 September 2015 at 03:24, Christian Heinrich < > christian.heinr...@cmlh.id.au> wrote: > > > > So as far as I am aware there is no integration with the Facebook > > GraphAPI yet :( > > Hi, I'm Jon - I work on OpenPGP

Re: Facebook and OpenPGP

On 1 October 2015 at 17:56, Jon Millican wrote: > On 26 September 2015 at 03:24, Christian Heinrich < > christian.heinr...@cmlh.id.au> wrote: > > > > So as far as I am aware there is no integration with the Facebook > > GraphAPI yet :( > > Hi, I'm Jon - I work on OpenPGP

Re: Facebook and OpenPGP

On 1 October 2015 at 22:30, Kristian Fiskerstrand < kristian.fiskerstr...@sumptuouscapital.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 10/01/2015 10:28 PM, Melvin Carvalho wrote: > > > > > > ... > > > > > Reference:

GPG UID

ive been looking at UID in gpg http://tools.ietf.org/html/rfc4880#section-5.11 is there any way to add an URL instead of an email address? or to have both an emall and URL in a cert? ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: gpg-agent as default ssh-agent on linux macines

On 15 August 2015 at 17:25, Damien Goutte-Gattat dgouttegat...@incenp.org wrote: On 08/15/2015 03:35 PM, Melvin Carvalho wrote: Is it possible to go the other way? openssh - gpg I recently wrote an openssh - X.509 converter in nodejs https://github.com/gitpay/util/blob/master

Re: gpg-agent as default ssh-agent on linux macines

On 15 August 2015 at 08:50, Damien Goutte-Gattat dgouttegat...@incenp.org wrote: On 08/14/2015 10:44 PM, Kai Lemke wrote: gpg v2.1 claims to be easy to use for SSH-authentification, too. For me that's really great, because you can have on public key with subkeys for all purposes, but I tried

Re: Thoughts on Keybase

On 15 December 2014 at 19:40, Robert J. Hansen r...@sixdemonbag.org wrote: Keybase (https://keybase.io) is trying to solve the Web of Trust problem in a new way. They're currently in beta, but I was able to snag an invitation. (I have no invites to give out, unfortunately.) The following

Re: making the X.509 infrastructure available for OpenPGP

On 4 February 2014 15:47, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 02/04/2014 09:01 AM, Mark H. Wood wrote: Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest. fwiw, the

Re: making the X.509 infrastructure available for OpenPGP

On 4 February 2014 15:47, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 02/04/2014 09:01 AM, Mark H. Wood wrote: Having said that, you might look at how OpenSSH has included X.509 certificates in its operation. There is precedent for something like what you suggest. fwiw, the

Re: Why OpenPGP is not wanted - stupid is in vogue right now

On 10 June 2013 10:46, Henry Hertz Hobbit hhhob...@securemecca.net wrote: My personal observations agrees with Rob Hansen's studies 100%. Even when required to use encryption people hate doing it and their concept is entirely focused on the ciphering with them thinking that people who use

Re: How difficult is it to break the OpenPGP 40 character long fingerprint?

On 3 June 2013 19:20, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 06/03/2013 08:04 AM, Melvin Carvalho wrote: Bitcoin is essentially a ledger where you have an array of fingerprints (160 bit hashes of a public key) and a value (number of coins in wallet). i thought that bitcoin

Re: How difficult is it to break the OpenPGP 40 character long fingerprint?

On 1 April 2013 19:46, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 04/01/2013 12:24 PM, adrelanos wrote: gpg uses only(?) 40 chars for the fingerprint. (I mean the output of: gpg --fingerprint --keyid-format long.) this is a 160-bit SHA-1 digest of the public key material and the

Re: Vanity Key

On 2 April 2013 18:45, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 04/02/2013 05:40 AM, Melvin Carvalho wrote: In bitcoin you have the concept of a 'vanity key' much like vanity license plates, see: https://bitcointalk.org/index.php?topic=25804.0 I wonder

Re: Vanity Key@@sig

On 3 April 2013 19:39, Andreas Mattheiss please.post@publicly.invalidwrote: Well, uhm, if it's really important to you: The concept of hashes/fingerprints/etc. is that it is (next to) impossible to find an entity-to-be-hashed (here a key) if you specify the hash. In fact a hash function that

Vanity Key

In bitcoin you have the concept of a 'vanity key' much like vanity license plates, see: https://bitcointalk.org/index.php?topic=25804.0 I wonder if there is anything similar for public keys in GPG? What would you iterate on, the key or the fingerprint?

Re: OpenPGP Authentication Protocol?

On 23 December 2012 23:17, Daniel Kahn Gillmor d...@fifthhorseman.netwrote: On 12/23/2012 04:42 PM, Hauke Laging wrote: Am So 23.12.2012, 16:31:01 schrieb Daniel Kahn Gillmor: the ssh specification declares the use pgp-style certificates:

Re: WOT and Authentication Research

On 5 December 2012 23:15, Patrick Baxter pa...@cs.ucsb.edu wrote: On Tue, Dec 4, 2012 at 5:29 AM, Melvin Carvalho melvincarva...@gmail.com wrote: Not sure I've grokked everything in this thread, but some thoughts. I'm working on the TL;DR version :). Tying a key to a 'domain' (aka URI

Re: import trustdb.gpg or start from scratch?

On 8 November 2012 14:01, Werner Koch w...@gnupg.org wrote: On Thu, 8 Nov 2012 09:37, melvincarva...@gmail.com said: Does anyone know if there's a safe way to recover my web of trust, or should I make an ultimately trusted key first, and start from scratch? ssh otherbox rm

import trustdb.gpg or start from scratch?

I've just managed to recover my gpg key from an old machine that died. But the trust db was not imported. Does anyone know if there's a safe way to recover my web of trust, or should I make an ultimately trusted key first, and start from scratch? ___

Is it possible to construct a GPG Certificate from an existing RSA key pair

Is it possible to construct a GPG 'Certificate' from an existing RSA key pair? I've got some 2048 RSA keys I'd like to reuse, is there any way I can use them to make everything I need for GPG? ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: Is it possible to construct a GPG Certificate from an existing RSA key pair

On 6 October 2012 16:15, Hauke Laging mailinglis...@hauke-laging.de wrote: Am Sa 06.10.2012, 15:53:25 schrieb Melvin Carvalho: Is it possible to construct a GPG 'Certificate' from an existing RSA key pair? I've got some 2048 RSA keys I'd like to reuse, is there any way I can use them

Re: Is it possible to construct a GPG Certificate from an existing RSA key pair

On 6 October 2012 18:34, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 10/06/2012 09:53 AM, Melvin Carvalho wrote: Is it possible to construct a GPG 'Certificate' from an existing RSA key pair? I've got some 2048 RSA keys I'd like to reuse, is there any way I can use them

Re: what is killing PKI?

On 24 August 2012 22:06, Robert J. Hansen r...@sixdemonbag.org wrote: On 08/24/2012 08:24 AM, peter.segm...@wronghead.com wrote: I propose to you (and to the people who are putting all that hard work into gpg) that there are actually two things killing PKI: At risk of sounding dismissive,

Re: what is killing PKI?

On 24 August 2012 14:24, peter.segm...@wronghead.com wrote: On 23/08/12 17:07, Robert J. Hansen - r...@sixdemonbag.org wrote: Deploying PKI is nowhere near as big of a problem as convincing people that PKI adds benefit to their lives. and Right now the number one thing killing PKI is

Re: keyserver spam

On 16 December 2011 18:50, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 12/16/2011 10:51 AM, gn...@lists.grepular.com wrote: I understand that once you've uploaded something to the keyservers, it can't be removed. Eg, if I sign someone elses key and upload that, it will be attached to

Re: digitally signing contracts

On 30 October 2011 05:21, Eric Abrahamsen e...@ericabrahamsen.net wrote: I own a small business that works with contractors all over the world, and I'm currently scratching my head over the issue of signing contracts. I know that gpg can/has been used to this purpose, but I wanted to ask the

Re: STEED - Usable end-to-end encryption

On 17 October 2011 20:11, Werner Koch w...@gnupg.org wrote: Hi! Over the last year Marcus and me discussed ideas on how to make encryption easier for non-crypto geeks.  We explained our plans to several people and finally decided to start a project to develop such a system.  Obviously it is

Re: Useful factoid

On 11 October 2011 22:32, Robert J. Hansen r...@sixdemonbag.org wrote: Accurate to 6%, there are 2**25 seconds in a year.  Worth remembering: it makes certain kinds of computations much easier.  (It follows there would be about 2**35 seconds in a thousand years, or 2**45 seconds in a million.)

Is there a way to browse the GPG web of trust?

Just wondering is there a way to browse the GPG web of trust? Is some of the signing data public and downloadable, or is it mainly private? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Is there a way to browse the GPG web of trust?

On 7 October 2011 11:51, Aaron Toponce aaron.topo...@gmail.com wrote: On Fri, Oct 07, 2011 at 10:26:59AM +0200, Melvin Carvalho wrote: Just wondering is there a way to browse the GPG web of trust? Is some of the signing data public and downloadable, or is it mainly private? Yes

Re: Is there a way to browse the GPG web of trust?

On 7 October 2011 17:54, Aaron Toponce aaron.topo...@gmail.com wrote: On Fri, Oct 07, 2011 at 12:46:32PM +0200, Melvin Carvalho wrote: This is awesome, thanks! No problem. It's pretty crazy stuff. Is it possible to get a dump of all the signatures in a particular key server? Possible

Re: Is there a way to browse the GPG web of trust?

On 7 October 2011 20:55, Aaron Toponce aaron.topo...@gmail.com wrote: On Fri, Oct 07, 2011 at 06:56:36PM +0200, Werner Koch wrote: On Fri,  7 Oct 2011 11:51, aaron.topo...@gmail.com said:     gpg --list-sigs --keyring ~/.gnupg/pubring.gpg | sig2dot ~/.gnupg/pubring.dot 2

Adding Parameters to a Public Key

I've noticed that some apps add some fields on the end of your public key e.g. in Retroshare, the end of my key looks like this: -END PGP PUBLIC KEY BLOCK- --SSLID--5bcc296e6b3e40c859a031dd6c0d07b3;--LOCATION--home; In this case: SSLID=5bcc296e6b3e40c859a031dd6c0d07b3 LOCATION=home

Re: Extract numbers from a key

On 2 August 2011 20:10, Sébastien tigresetdrag...@yahoo.fr wrote: Hello, I would like to know an easy way to get numbers used in a key. For example, in a RSA key, N and e (used like this: message^e modulus N) Why do you want N and E? I think exponent is almost always 65537 Some apps display

Re: Including public key

On 28 July 2011 16:01, MFPA expires2...@ymail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 28 July 2011 at 12:53:41 PM, in mid:4e314dc5.4000...@freenet.edmonton.ab.ca, Jay Litwyn wrote: Attaching a photo to your public key might help. So might putting a