Re: Network Neutrality
On Fri, 2006-03-17 at 07:09 -0800, Robert Wohleb wrote:

This morning I was surprised to find my download and upload speed higher than normal. Hell, a 2.8GB download is supposed to complete in 12 hours. That hasn't happened for a while on Cox. Hopefully this isn't a fluke. I'll report back if this keeps up.

As far as I can tell, Cox stopped sniping bittorrent and gnutella connections with reset packets the day or the day after I told them that I'd expose their practices. Maybe they started again afterwards. Or maybe they only stopped corrupting my and my friends' traffic.

If encrypting your connections gives a speed boost, then maybe some more investigating needs to be done. I'm sure it is also only a matter of time before Cox gets around this if this is really helping.

I doubt it. Provided that bittorrent end to end encryption means something akin to Diffie-Hellman key exchange at the start of each connection, there are two ways around this, that I can think of, both of which suck for Cox:

1. Content-based whitelisting, meaning you can't make any kind of connection in or out unless Cox can identify the type of traffic by its content. If Cox can't determine the content of the connection because it's encrypted and Cox has not broken the encryption, then Cox terminates the connection. This would mean lots of work for Cox, and lots of support calls from lots of unhappy customers (My streaming video never works! I'm sorry, but we haven't programmed our systems to track all of your streaming video viewing yet. You'll have to wait.).

2. A man in the middle attack, meaning Cox decides to break the encryption, which is a mostly straightforward process in this case. This creates several interesting problems.

The first is that Cox would have to attempt such an attack on each unidentifiable connection (Oh, that's not HTTP. Better mess with it.). The result would be that any connection using a protocol that Cox's system isn't set up to interpret and that is NOT using bittorrent end to end encryption (think multiplayer games, NFS, whatever) would almost certainly be corrupted. This is maybe worse for the end user than whitelisting.

The second is that provided Cox wants to keep its activities secret (as seems to be the case so far), it would have to throttle encrypted bittorrent connections instead of terminating them entirely. That would mean that a Cox computer would have to participate in each encrypted connection from start to finish. Let's be conservative and say that there are 5,000 bittorrent connections in and out of Humboldt County via Cox's network at any given time. Then Cox's servers would have to perform the encrypting and decrypting work normally parcelled out to 10,000 home PCs continuously.*

Eric

*P.S. There is a neat game to be played here. Suppose that Cox can purchase enough computing power to do the job (hardware+software+electricity+maintenance), and that the massive P2P throttling system pays for itself in bandwidth savings. Then suppose peer to peer developers start layering symmetric ciphers. Then the CPUs participating in the peer to peer network will be a little more loaded down, but Cox will need a much larger throttle farm to do the job. Will P2P users not be able to participate in the network because they don't have fast enough computers to do all the encryption? Or will Cox decide that the throttle farm costs more to operate than they are saving in bandwidth? Who will give up first?

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Force GPG to write a file?
Hi all,

Last question :)

By default, gpg will refuse to write to a file (myfile.gpg) that already exists. Is there a way to change this behaviour?

I am running gpg in batch mode on a server to encrypt a database before downloading. So I need to temporarily store the encrypted file on the server. There are two ways to accomplish this:

1) Give Apache write permission to an entire directory, so it can add and delete files in that directory.

2) Give Apache write permission to just one file (myfile.gpg) and keep overwriting every time I download a new encrypted backup.

Right now I'm doing (1) but I guess that (2) would be better. But I can only do (2) if I can convince gpg to overwrite an existing file. I looked at the man page and FAQs and I couldn't find this information.

Thank you for your help.

Cheers,
Daniel.
--
http://opendocumentfellowship.org
A life? Sounds great! Do you know where I could download one?
Passphrase on the command line
Hello,

This should be a simple question. What is the recommended way to decrypt a file from a script that runs on a cron job? This is what I have so far:

    cat passphrase | gpg -o MyData --passphrase-fd 0 -d MyData.asc

Where 'passphrase' has the chmod permission 400. Is this the best option?

Background: I want to set up a cron job to regularly download an encrypted backup of a database, decrypt it, and store it here (this computer then gets backed up onto tape drives).

Thank you for your advice.

Cheers,
Daniel.
segfault in gnupg14 (was: How to sign with non-subkey?)
On Tue, 21 Mar 2006, Simon Josefsson wrote:

    [EMAIL PROTECTED]:~$ echo foo |gpg -a -s -v -u b565716f
    gpg: using subkey AABB1F7B instead of primary key B565716F
    gpg: writing to stdout
    gpg: using subkey AABB1F7B instead of primary key B565716F
    gpg: RSA/SHA1 signature from: AABB1F7B Simon Josefsson [EMAIL PROTECTED]
    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v1.4.2.2 (GNU/Linux)

    owGbwMvMwMS4XF34xKrd8tWMp7mSGFwURP6l5edzdZxiYWBkYjBhZQKJ6Io0MACB
    KAN/QXaibmJKSlFqcbFDel5pQbpeflF6VmKxQ2pFSWleSr5ecn4uAxenAMzQy+bM
    /4v/zBGfa+XAOvOGXqTUwQde0rPmL9P6KDS/8HLSjbKjN5fM+bfO0StszgfhZK0N
    R3X5lKuSzsUa1B5fWvKed/HOTZ9rbrUw8ZdwuT9d33bV/8xzcbFLe+y//76ttcg8
    v3G1sbjG1kSh62GcnIEmgay1uU4C06ezaT7wbJ1222IN60yGD7w3DwAA
    =HgpN
    -----END PGP MESSAGE-----
    [EMAIL PROTECTED]:~$

While handling this block my gpg segfaulted.

| [EMAIL PROTECTED]:~$ gpg blurb
| foo
| gpg: Signature made Tue Mar 21 16:00:14 2006 CET using RSA key ID AABB1F7B
|
| gpg: Segmentation fault caught ... exiting
| zsh: segmentation fault gpg blurb

After enabling coredumps:

    #0 0x08066b35 in is_valid_mailbox (name=0x20 Address 0x20 out of bounds) at misc.c:1112
    1112 return !( !name
    (gdb) bt
    #0 0x08066b35 in is_valid_mailbox (name=0x20 Address 0x20 out of bounds) at misc.c:1112
    #1 0x0806111c in get_pka_address (sig=0x8188cf0) at mainproc.c:1350
    #2 0x08061198 in pka_uri_from_sig (sig=0x812f9c0) at mainproc.c:1377
    #3 0x08062181 in check_sig_and_print (c=0x8133820, node=0x812faf8) at mainproc.c:1576
    #4 0x080628cb in proc_tree (c=0x8133820, node=0x8131698) at mainproc.c:1965
    #5 0x0805e84c in release_list (c=0x8133820) at mainproc.c:97
    #6 0x08060ed1 in do_proc_packets (c=0x8133820, a=0x812d538) at mainproc.c:1323
    #7 0x08060c8e in proc_packets (anchor=0x8188cf0, a=0x8188cf0) at mainproc.c:1135
    #8 0x08054c22 in handle_compressed (procctx=0x8188cf0, cd=0x812d490, callback=0, passthru=0x8188cf0) at compress.c:326
    #9 0x0805fcf8 in proc_compressed (c=0x8131638, pkt=0x812d480) at mainproc.c:756
    #10 0x08060f28 in do_proc_packets (c=0x8131638, a=0x812d538) at mainproc.c:1281
    #11 0x08060c8e in proc_packets (anchor=0x8188cf0, a=0x8188cf0) at mainproc.c:1135
    #12 0x0804fc75 in main (argc=0, argv=0xbf9db188) at gpg.c:3736

full:

    #0 0x08066b35 in is_valid_mailbox (name=0x20 Address 0x20 out of bounds) at misc.c:1112
    No locals.
    #1 0x0806111c in get_pka_address (sig=0x8188cf0) at mainproc.c:1350
        pka = (pka_info_t *) 0x0
        nd = (struct notation *) 0x8188cf0
        notation = (struct notation *) 0x8188cf0
    #2 0x08061198 in pka_uri_from_sig (sig=0x812f9c0) at mainproc.c:1377
    No locals.
    #3 0x08062181 in check_sig_and_print (c=0x8133820, node=0x812faf8) at mainproc.c:1576
        uri = 0x8188cf0 [EMAIL PROTECTED]
        sig = (PKT_signature *) 0x812f9c0
        astr = 0x810c42a RSA
        rc = 9
        is_expkey = 0
        is_revkey = 0
    #4 0x080628cb in proc_tree (c=0x8133820, node=0x8131698) at mainproc.c:1965
        n1 = 0x812faf8
        rc = 135826672
    #5 0x0805e84c in release_list (c=0x8133820) at mainproc.c:97
    No locals.
    #6 0x08060ed1 in do_proc_packets (c=0x8133820, a=0x812d538) at mainproc.c:1323
        pkt = (PACKET *) 0x8131790
        rc = 0
        any_data = 1
        newpkt = 0
    [...]

Latest svn on ia32, debian sarge.

--
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/
Re: Passphrase on the command line
Stef Caunter wrote:

The documentation does not recommend this. Since you appear to not want to store the ciphertext but the plaintext, an encrypted network transfer seems appropriate and less expensive. Write the backup to an ssh pipe instead of a temporary file.

Is there any documentation on how to do that?

Daniel.
Re: Passphrase on the command line
Is there any documentation on how to do that?

Say server A has the original data and server B has the backup. You can do from server A:

    backup_tool | ssh [EMAIL PROTECTED] dd of=/path/to/backup

or you can do from server B:

    ssh [EMAIL PROTECTED] backup_tool | dd of=/path/to/backup

Regards,
--
Raphaël
[GPGOL] No keys found
Hello!

I have just installed the latest WinPT and GPGOL on a Windows XP SP2, with Outlook 2003. The installation was successful and I have created my own set of keys and imported some friends' public keys. In WinPT I can sign and encrypt with my key and I can encrypt using my friends' public keys.

BUT, in Outlook/GPGOL I create a new mail, select "Sign Message with GPG" and press Send. I now get a dialog, "Secret Key Dialog", which has a DropDown control that's EMPTY! If I instead select "encrypt message with GPG" I get "Recipient Dialog", and my recipients are in the "Recipient which were not found" edit field.

So I'm guessing that GPGOL can't find my keys! I have checked preferences for GPG and GPGOL and they are all pointing to the directory where pubkeys.gpg and seckeys.gpg are.

Anyone that has a clue what the error is?

// Anders
Re: Passphrase on the command line
Here is my idiom; checking for success is vital. See openssh documentation for details on key-based shell access. Test for transparent access; if using gpg, test for undisturbed encryption with --batch. You can pipe the dump (or tar) to gpg instead of gzip. File size will be reduced. The dd command can also hit a tape, though this isn't always practical with nightly cron stuff.

    # Run the backup over ssh; OK receives the pipeline's exit status,
    # which is the status of its last stage (ssh running dd).
    OK=`/sbin/dump -0 -f - / | gzip | /usr/bin/ssh x.x.x.x dd of=/path/ok.gz 2>/dev/null;echo $?`
    if [ "$OK" != 0 ]
    then
        # Report the failure by mail and stop.
        echo `date` `hostname` backup failed $OK | mail you
        exit
    fi
    # Report success by mail.
    echo `date` `hostname` backup $OK | mail -s "`hostname` backup $OK" you

Stef Caunter
http://caunter.ca/contact.html

Is there any documentation on how to do that?
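The idiom above reads `$?` after a pipeline, which reports only the last stage. The following is an added example, not code from the thread, that records the status of every stage so a failing dump is caught as well; `produce_backup`, `compress`, `store` and `PRODUCER_RC` are hypothetical stand-ins and the backup data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). produce_backup, compress and store are
# hypothetical stand-ins for dump, gzip and "ssh host dd of=..."; the backup
# data is constructed so the script runs offline.

produce_backup() {                 # stand-in for: /sbin/dump -0 -f - /
    printf 'constructed sample backup data\n'
    return "${PRODUCER_RC:-0}"     # set PRODUCER_RC to simulate a failing dump
}
compress() { gzip -c; }            # stand-in for: gzip
store() { cat > "$1"; }            # stand-in for: ssh x.x.x.x dd of=/path/ok.gz

# Status of a plain pipeline is the status of its last stage only.
naive_backup() {
    produce_backup | compress | store "$1"
}

# Record each stage's status in a file, then fail if any stage failed.
run_backup() {
    dest=$1
    st=$(mktemp -d) || return 2
    { produce_backup; echo $? > "$st/1"; } |
    { compress;       echo $? > "$st/2"; } |
    { store "$dest";  echo $? > "$st/3"; }
    rc=0
    for n in 1 2 3; do
        s=$(cat "$st/$n" 2>/dev/null || echo 255)
        if [ "$s" -ne 0 ]; then
            echo "backup stage $n failed with status $s" >&2
            rc=1
        fi
    done
    rm -rf "$st"
    return "$rc"
}

if [ "${1:-}" = demo ]; then       # run as: sh backup_check.sh demo
    out=$(mktemp -d)
    PRODUCER_RC=3
    naive_backup "$out/naive.gz" && echo "naive check: reported OK"
    run_backup "$out/checked.gz" || echo "per-stage check: backup failed"
    rm -rf "$out"
fi
```

In bash, `set -o pipefail` gives a similar result with less code; the status files keep the example portable to plain POSIX sh.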
Error during MAKE
I am getting the following error on MAKE for gpg1.4.2.2

    make[2]: *** No rule to make target `../cipher/libcipher.a', needed by `gpgsplit'. Stop.

This is a solaris9 box...was able to successfully install previously on another solaris9 box.

Anybody have a suggestion?
Re: (no subject)
On 3/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

was checking the key preferences in gnupg 1.4.2.2(MingW32) with the SHOWPREF command, and found all the algorithms listed except for twofish

the key accepts and decrypts messages done in twofish, and works fine

have tested this for many of the keys and none of them display twofish in the preferences

    C:\>gpg --edit c5dcca32
    gpg (GnuPG) 1.4.2.2; Copyright (C) 2005 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    Secret key is available.

    pub  2048R/C5DCCA32  created: 2006-03-05  expires: never  usage: CS
                         trust: ultimate      validity: ultimate
    sub  2048R/B9F25302  created: 2006-03-05  expires: never  usage: E
    sub  2048R/16D982EE  created: 2006-03-05  expires: never  usage: S
    [ultimate] (1). Simon H. Garlick

    Command> showpref
    pub  2048R/C5DCCA32  created: 2006-03-05  expires: never  usage: CS
                         trust: ultimate      validity: ultimate
    [ultimate] (1). Simon H. Garlick
         Cipher: TWOFISH, AES256, 3DES
         Digest: SHA512, SHA384, SHA256, RIPEMD160, SHA1
         Compression: ZIP, ZLIB, BZIP2, Uncompressed
         Features: MDC, Keyserver no-modify

    Command>

working OK here.

Simon
encrypted mail and gmail / remote
hello group - apologies for the newbie questions.

i am wondering if there are any webmail services that can decrypt email, if i somehow inform of my PGP key?

also, i am travelling without knowing my pgp key. is this somehow centrally registered, in a way that i can download the key, and use a command line app to decrypt messages sent to me? i guess only the public key is available on the public key registries (if it works that way).

thanks!

/dc

--
David DC Collier
US 1-415-283-7742
[EMAIL PROTECTED]
skype: callto://d3ntaku
http://www.pikkle.com
+81 (0)80 6521 9559
http://charajam.com
[★Chara♪Jam★] Combine popular characters with the latest J-POP hits yourself and make your own standby-screen Flash and incoming-call Flash!
Re: encrypted mail and gmail / remote
I noticed this plugin for squirrelmail if you wanted to do it on your own server: http://www.squirrelmail.org/plugin_view.php?id=153

Aside from that there are a few services around, like hushmail.com that'll do what you want.