Re: why is SHA1 used? How do I get SHA256 to be used?

2012-07-11 Thread brian m. carlson
an example? If you truly believe this, stop using OpenPGP. Is my statement not true for MD5? -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223

Re: why is SHA1 used? How do I get SHA256 to be used?

2012-07-10 Thread brian m. carlson
://eprint.iacr.org/2011/641 -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature

Re: ideal.dll

2012-06-22 Thread brian m. carlson
like I do with my v4 key. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature

Re: fingerprint

2012-04-28 Thread brian m. carlson
kinda defeats the purpose. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature

Re: [new-user] question

2012-04-12 Thread brian m. carlson
, there is no way to verify that I came from who you think it did. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description

Re: comments on uid

2012-03-17 Thread brian m. carlson
UID. If you want to do those two steps, you have to do them manually. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc

Re: compilation information ?

2012-03-13 Thread brian m. carlson
. For other platforms, the binary is always compiled in the ordinary way. I expect exposing this information was not considered to be terribly important since most platforms don't have this issue. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http

Re: small security glitches

2012-03-02 Thread brian m. carlson
if the block cipher is secure. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature

Re: Using the not-dash-escaped option

2012-02-02 Thread brian m. carlson
. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature

Re: [META] please start To: with gnupg-users@gnupg.org, i.e.:

2012-01-31 Thread brian m. carlson
On Tue, Jan 31, 2012 at 11:23:25PM +, MFPA wrote: On Monday 30 January 2012 at 7:06:43 PM, in mid:20120130190643.gb184...@crustytoothpaste.ath.cx, brian m. carlson wrote: The problem is that unlike regular list messages, the dupes don't come with the list headers, which makes sorting

Re: Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)

2012-01-28 Thread brian m. carlson
may sprout a keyserver daemon supporting this, but there's no guarantee that that will happen anytime soon, if ever. Don't hold your breath. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b

Re: RSA padding scheme

2012-01-26 Thread brian m. carlson
MFPA wrote: On Monday 23 January 2012 at 12:47:03 AM, in mid:20120123004703.GB10912 at crustytoothpaste.ath.cx, brian m. carlson wrote: This is not a problem with OpenPGP because the attacker never gets to see the value encrypted with RSA because it's the symmetric key. Isn't

Re: Using root CAs as a trusted 3rd party

2012-01-24 Thread brian m. carlson
that person's identity and key myself, I use a local signature. That way I don't have other people rely on my assertion if I haven't done the amount of checking that I would like to before making a public statement. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http

Re: 1024 key with 2048 subkey: how affected?

2012-01-23 Thread brian m. carlson
that verify signatures only once and then cache the results, but most implementations do not do that. Also, there's nothing preventing people from actually signing data with the primary key, so someone who is unfamiliar with your strategy might accidentally use a single, very large key. -- brian m

Re: RSA padding scheme

2012-01-22 Thread brian m. carlson
would have to support multiple padding schemes, which would be burdensome without providing significantly more security. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B

Re: RSA padding scheme

2012-01-22 Thread brian m. carlson
risking corrupting the structure of the method. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital

Re: maximum passphrase for symmetric encryption ?

2011-12-27 Thread brian m. carlson
data stored with the passphrase to make the hash unique even if you reuse the passphrase). This makes brute-force attempts slower since more computation is required. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion

Re: Bad Signatures when using check-sigs

2011-12-17 Thread brian m. carlson
. * Someone made an error in the OpenPGP implementation. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital

Re: kernel.org status: establishing a PGP web of trust

2011-10-01 Thread brian m. carlson
that you have a good PRNG, such as /dev/urandom, then there's not really much concern about k. After all, you also need a good PRNG for CFB IVs as well, although the consequences aren't as disastrous. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http

Re: Manually compute key fingerprint

2011-08-29 Thread brian m. carlson
ID or signature, which would not be hhelpful. If you need to be able to compute the fingerprint independently, you'll need to parse the public key packet and follow the formula specified in RFC 4880. It's not terribly difficult. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832

Re: Multiple Keyrings WAS Signing multiple keys

2011-08-26 Thread brian m. carlson
, separate keyrings in one directory (like /usr/share/keyrings). If you would like to use the --homedir method, nothing is preventing you from doing that. But breaking existing infrastructure will go over like a lead balloon. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623

Implementation question: validating left two of signatures

2011-08-12 Thread brian m. carlson
) actually give any credence to the left two whatsoever? If there's an OpenPGP implementers' list or another, more appropriate forum, please feel free to point me in that direction. I couldn't find one, so I posted here. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791