On 6/26/2012 3:22 AM, Werner Koch wrote:
This is very different in OpenPGP. SHA-1 is not used everywhere; its
main use is for the fingerprint, this will eventually be a problem.
I am not so sanguine. Marc Stevens claims [1] he has a working
collision requiring 2**57 compressions: that number
On Tue, Jun 26, 2012 at 01:12:12AM -0400, ved...@nym.hush.com wrote:
it will be interesting to see if V4 keys will be gracefully
abandoned as SHA1 becomes as broken as MD5,
or if there will be die-hards holding onto they their V4 keys no
matter what ...
Please fix your client. I don't
On 06/27/2012 09:11 AM, Robert J. Hansen wrote:
On 6/26/2012 3:22 AM, Werner Koch wrote:
This is very different in OpenPGP. SHA-1 is not used everywhere; its
main use is for the fingerprint, this will eventually be a problem.
I am not so sanguine. Marc Stevens claims [1] he has a working
On 6/27/2012 10:24 AM, Daniel Kahn Gillmor wrote:
For the key's fingerprint specifically, a pre-image (where the attacker
crafts a new text that shares a digest with the victim's key material)
is the thing to worry about, not a crafted collision (where the attacker
generates two texts that
On Wed, 27 Jun 2012 07:32:17 -0600
Aaron Toponce aaron.topo...@gmail.com wrote:
Hello Aaron,
Please fix your client. I don't know if you can tell, but you are
breaking the threads. Your client should support the 'in-reply-to' and
vedaa is using Hushmail; A web mail system.
--
Regards _
On Tue, 26 Jun 2012 07:12, ved...@nym.hush.com said:
it will be interesting to see if V4 keys will be gracefully
abandoned as SHA1 becomes as broken as MD5,
This is very different in OpenPGP. SHA-1 is not used everywhere; its
main use is for the fingerprint, this will eventually be a
Robert J. Hansen wrote:
On 06/24/2012 06:11 PM, Werner Koch wrote:
I am telling for more than a decade that PGP 2 should not be
used
anymore.
The list may find my own timeline of MD5 to be worth reading --
it might
give some insight into why PGP 2 (in particular the MD5
Werner Koch wk at gnupg.org wrote on
Wed Jun 20 10:29:28 CEST 2012 :
The next version of Libgcrypt will support IDEA and thus GnuPG 2.1
will be able to decrypt old (i.e. PGP 2) files, directly.
Will GnuPG 2.x then allow importation of v3 keys?
(main reason I still prefer 1.4.x over 2.x)
vedaal at nym.hush.com vedaal at nym.hush.com wrote on
Thu Jun 21 19:05:06 CEST 2012 :
Will GnuPG 2.x then allow importation of v3 keys?
(main reason I still prefer 1.4.x over 2.x)
Sorry,
my mistake, gnupg 2.x does import v3 keys,
haven't looked at this aspect for a while, as I couldn't use my
On 06/21/2012 01:21 PM, ved...@nym.hush.com wrote:
vedaal at nym.hush.com vedaal at nym.hush.com wrote on
Thu Jun 21 19:05:06 CEST 2012 :
Will GnuPG 2.x then allow importation of v3 keys?
(main reason I still prefer 1.4.x over 2.x)
Sorry,
my mistake, gnupg 2.x does import v3 keys,
On 06/21/2012 04:38 PM, Daniel Kahn Gillmor wrote:
unfortunately, this is indeed the case. v3 keys have a serious
vulnerability in that their fingerprint mechanism is trivially gamable,
so long keyid collisions are easy.
It's quite a bit worse than that, really. If I understand things
Hello John !
John jw722531.1.5izon.net wrote:
load-extension C:\Progra~1\GNU\GnuPG\lib\idea.dll
However, in Win 7 there is no such directory with the installation of Gpg.
Should I create one below the current program installation directory or
simply put it into the program's installation
On Wed, 20 Jun 2012 07:56, laurent.ju...@skynet.be said:
It's defined in GPG.CONF:
Nope. GnuPG-2 does not support loading of extensions. the option is a
dummy option. The reason for this is that crypto operations are done by
Libgcrypt and not by gpg.exe.
The next version of Libgcrypt
for ages.
Hi, Werner.
When I have to make use of idea.dll so that I can decrypt messages that
were encrypted with it, I then use Gpg 1.4.x, and I have it in an altogether
separate folder from the real installation of Gpg 2.0.x. I could not agree
with you more in regard to its comparatively
On Wed, 20 Jun 2012 19:03, jw72...@verizon.net said:
Is there any reason I should not place it in the same folder as the
gpg.exe version 1.4.x and then make reference to it there? Thanks.
I think this is okay.
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
gpg: [stdin]: clearsign failed: unknown cipher algorithm
Of course we have already downloaded and intalled the idea.dll made for
Windows 32. However, there are no 'options' or gnupg config files nor
does it have the files structure of WinXPP.
One instruction said we should copy file idea.dll
the idea.dll made for
Windows 32. However, there are no 'options' or gnupg config files nor
does it have the files structure of WinXPP.
It's not all that different. C:\Documents and Settings\username is now
C:\User\username. Application Data is now AppData. The change is the
addition at the next level
17 matches
Mail list logo
