Noiano wrote:
to choose and why. Is it one more secure than the other? I don't think
so but I think there are some difference that make one algorithm
suitable for some uses than the other.
There was a lengthy discussion on this list about the differences between
RSA and DSA a few weeks ago. I
If I had good reason to believe Google was up to something nefarious,
there is nothing in heaven or earth that would cause me to say yes,
that site is authentic.
The point of certificates is for you to be able to verify that you are on
the site you think you are, and not a fake one. If you go
Allen Schultz wrote:
Is there a comprehensive list of hashes used in encryption that can
help me choose which is the best to use?
I'm sure there is, but such a list would not do you much good. The
application you use probably only supports a few. Some are old and
insecure, and should not be
Ultimately, you trust _someone_. Which is precisely the point I made:
trust underlies everything. Without that fundamental trust, there's no
point talking about authenticity.
If that someone is yourself, do you still call it trust?
Some things about myself I only trust, such as my memory
Robert J. Hansen wrote:
This is not my experience. I've received spam addressed to my amateur
radio call sign (KC0SJE) at a domain that's not directly associated with
me. I don't know how it was discovered, but for right now I'm leaning
towards the hypothesis that spammers have made pacts
Robert J. Hansen wrote:
Because there is no such thing as an 'insignificant' amount of
resources. Everything has a price associated with it. The trick is to
get the most bang for your buck.
Well I guess what's insignificant to one person might not be to another. I
know some spammers get
Well, except that your attack isn't a birthday attack.
A birthday attack involves making a ton of different messages and
checking _all_ messages created to find _any_ collision.
Your attack involves taking one particular message and creating
permutations of it, one after another, looking
Robert J. Hansen wrote:
In the battle between armor and warhead, _always_ bet on the warhead.
Playing defensively and trying to make an email address invisible is
going to be an exercise in frustration. They always get seen. They
always get spammed. Play defensively and you lose.
Well if
I'm about to generate a new keypair, and got a few questions.
I have many e-mail addresses and change them frequently, and therefore I
don't want to have one in my public key. (Also because I'm afraid of
getting spam.) I think this would be easier than having to update a lot of
user IDs. Are
Robert J. Hansen wrote:
2. Why do you need an RSA keypair? The overwhelming majority of users
are best served by sticking with the defaults--which, in this case,
means a DSA/Elgamal keypair.
I prefer RSA keys because
- DSA does not have a hash firewall.
- They don't have a 1024 bit
Thanks again for all your answers, I'm really interested in this kind of
stuff.
Robert J. Hansen wrote (regarding DSA2 keys):
The latest versions of PGP support them.
That's good news. Can it also create them? But there are probably still
many using older versions. I know some who refuse to
Why are the keys in pubring.gpg in the order in witch they were
imported?
pubring.gpg is an internal data structure of gpg and only to be used
by gpg. If you want to export import stuff, you need to use the gpg
commands --import or --export.
Yes, I know how to import and export keys. But I
Why are the keys in pubring.gpg in the order in witch they were imported?
Is this not considered a security risk? Would it not be safer and more
convenient to have the keys sorted by user ID or key ID?
I deleted all files in my .gnupg directory, and then imported a public
key. Then I exported the
Hello,
I'd like to export all public keys in my keyring to seperate ASCII-armored
files, using the name from the user ID as the filname, and adding .asc
as the extension. If a key has multiple user IDs, then the name from the
newest one should be used. Is there a shell script that can do this?
Gabriele Alberti [EMAIL PROTECTED] wrote:
Keeping in mind my password can be composed with all 95 writeable ascii
chars,
using for example a 15 chars password gives me a password space of
95^15,
that is 463291230159753366058349609375 passwords..*much* smaller than the
256
bit keyspace
[EMAIL PROTECTED] wrote:
Well, my first attempt to repair would be to open the Key with the
Edit function in GPGshell and re-set the prefs (even if you keep them
the same) and then use the save Command. Whenever one tinkers with
their Key a new self-signature is generated showing the date
Hello,
I've got an old keypair, generated in 2003 with the current PGP version at
that time. When I import the secret key, I get:
gpg: key 75AC881F: no valid user IDs
gpg: this may be caused by a missing self-signature
I'm able to get the key to work in gpg, but is there any way to fix it, so
gpg --import filename
Oskar
Hi all,
In my previous linux installation i exported my keys to privatekey.txt
and publickey.txt files. After new installation i want to re-install
(re-import) them.
Which command should I use, or is there a way to re-import privatekey?
THX
Does anyone know why there still isn't a Debian package for version 1.4.2
of GnuPG? http://packages.debian.org/gnupg
Oskar
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
Can anyone recommend a transparent keyboard, or any kind of keyboard witch
makes it easy to check that a keylogger has not been installed inside
whilst you were away. I only found this one:
http://www.directron.com/kb603cl.html
Oskar
___
On Sat, Jul 23, 2005 at 03:33:53AM +, Oskar L. wrote:
Red Hat and others use a filename of MD5SUM, which is a clearsigned
file containing the human readable MD5 hashes. I like your CHECKSUMS
idea better since MD5 isn't the way to go any longer.
Naming a file containing hashes
Red Hat and others use a filename of MD5SUM, which is a clearsigned
file containing the human readable MD5 hashes. I like your CHECKSUMS
idea better since MD5 isn't the way to go any longer.
David
Naming a file containing hashes CHECKSUMS would not be a good idea, since
a hash is not the
Sorry if this is a bit off topic. When you calculate the hashes (sha1)
for
several files, and save them in a singel file, then is there any standard
witch states or suggests what this file should be called?
Not that I know of. The format used by sha1sum is probably the best
suited one.
http://www.euronews.net/create_html.php?page=detail_europalng=1option=0,europa
Patenting software in EU remains divisive - EP kills directive on harmonising
Using its muscle like never before, the European Parliament has thrown out
a controversial bill to harmonise patents on software. This was
Martin Geisler [EMAIL PROTECTED] wrote:
When you have 64 different possibilities, all of equal likelyhood,
then you can code them using 6 bit. This is what the entropy tells
you.
The fact that A in the 7-bit ASCII standard is 0101 is just a
coincedence --- they could just as well have
Hi,
I export a public key in binary format and open it in a hex editor. Is
there any documentation explaining what I see? Like if there are any
particular bits that begins and ends user ids, signatures etc.
Oskar
___
Gnupg-users mailing list
Hi,
Using the release candidate for version 1.4.2, I imported my public and
secret key, and just like with version 1.4.1 I got double self-signatures
on it. I then deleted the first one, exported both keys, deleted my
keyring, imported the keys, and the double self-signatures were still
there. I
Hi,
If I'm not misinformed the passphrase can be encoded using different
character sets. Can I in gpg change witch one is used, or does it depend
on witch operating system I use? How does it affect the way you calculate
entropy if a character is encoded using 16 or 24 bits (as some characters
are
Werner wrote:
When importing a secret key into a keyring without a public key, a
public key is created from the secret key. Due to historic reasons
the self-signature on the secret key is a different one than the one
created with the public key. How when importing the public key a new
Hello, I'm new on this list. Can anyone tell me why I get a second
self-signature when I do this:
[EMAIL PROTECTED]:~$ gpg --list-sigs
/home/oskar/.gnupg/pubring.gpg
--
pub 1024D/7EE6D97F 2005-05-18
uid foobar [EMAIL PROTECTED]
sig 37EE6D97F
30 matches
Mail list logo