Re: Network Neutrality

2006-03-22 Thread Eric
On Fri, 2006-03-17 at 07:09 -0800, Robert Wohleb wrote:
 This morning I was
 surprised to find my download and upload speed higher than normal. Hell,
 a 2.8GB download is supposed to complete in 12 hours. That hasn't
 happened for a while on Cox. Hopefully this isn't a fluke. I'll report
 back if this keeps up. 

As far as I can tell, Cox stopped sniping bittorrent and gnutella
connections with reset packets the day or the day after I told them that
I'd expose their practices. Maybe they started again afterwards. Or
maybe they only stopped corrupting my and my friends' traffic.

If encrypting your connections gives a speed boost, then maybe some more
investigating needs to be done.

 I'm sure it is also only a matter of time before
 Cox gets around this if this is really helping.

I doubt it. Provided that bittorrent end to end encryption means
something akin to Diffie-Hellman key exchange at the start of each
connection, there are two ways around this, that I can think of, both
of which suck for Cox:

1. Content-based whitelisting, meaning you can't make any kind of
connection in or out unless Cox can identify the type of traffic by its
content.

If Cox can't determine the content of the connection because it's
encrypted and Cox has not broken the encryption, then Cox terminates the
connection. This would mean lots of work for Cox, and lots of support
calls from lots of unhappy customers (My streaming video never works!
I'm sorry, but we haven't programmed our systems to track all of your
streaming video viewing yet. You'll have to wait.).

2. A man in the middle attack, meaning Cox decides to break the
encryption, which is a mostly straightforward process in this case. This
creates several interesting problems. 

The first is that Cox would have to attempt such an attack on each
unidentifiable connection (Oh, that's not HTTP. Better mess with it.).
The result would be that any connection using a protocol that Cox's
system isn't set up to interpret and that is NOT using bittorrent end to
end encryption (think multiplayer games, NFS, whatever) would almost
certainly be corrupted. This is maybe worse for the end user than
whitelisting. 

The second is that provided Cox wants to keep its activities secret (as
seems to be the case so far), it would have to throttle encrypted
bittorrent connections instead of terminating them entirely. That would
mean that a Cox computer would have to participate in each encrypted
connection from start to finish. Let's be conservative and say that
there are 5,000 bittorrent connections in and out of Humboldt County via
Cox's network at any given time. Then Cox's servers would have to
perform the encrypting and decrypting work normally parcelled out to
10,000 home PCs continuously.*



Eric

*P.S.
There is a neat game to be played here. Suppose that Cox can purchase
enough computing power to do the job (hardware+software+electricity
+maintenance), and that the massive P2P throttling system pays for
itself in bandwidth savings. Then suppose peer to peer developers start
layering symmetric ciphers. Then the CPUs participating in the peer to
peer network will be a little more loaded down, but Cox will need a much
larger throttle farm to do the job. Will P2P users not be able to
participate in the network because they don't have fast enough computers
to do all the encryption? Or will Cox decide that the throttle farm
costs more to operate than they are saving in bandwidth? Who will give
up first?


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Force GPG to write a file?

2006-03-22 Thread Daniel Carrera

Hi all,

Last question :)
By default, gpg will refuse to write to a file (myfile.gpg) that already 
exists. Is there a way to change this behaviour?


I am running gpg in batch mode on a server to encrypt a database before 
downloading. So I need to temporarily store the encrypted file on the 
server. There are two ways to accomplish this:


1) Give Apache write permission to an entire directory, so it can add 
and delete files in that directory.


2) Give Apache write permission to just one file (myfile.gpg) and keep 
overwriting every time I download a new encrypted backup.


Right now I'm doing (1) but I guess that (2) would be better. But I can 
only do (2) if I can convince gpg to overwrite an existing file.


I looked at the man page and FAQs and I couldn't find this information.

Thank you for your help.

Cheers,
Daniel.
--
 /\/`) http://opendocumentfellowship.org
/\/_/
   /\/_/   A life? Sounds great!
   \/_/Do you know where I could download one?
   /



Passphrase on the command line

2006-03-22 Thread Daniel Carrera

Hello,

This should be a simple question. What is the recommended way to decrypt 
a file from a script that runs on a cron job? This is what I have so far:


cat passphrase | gpg -o MyData --passphrase-fd 0 -d MyData.asc

Where 'passphrase' has the chmod permission 400.

Is this the best option?

Background:  I want to set up a cron job to regularly download an 
encrypted backup of a database, decrypt it, and store it here (this 
computer then gets backed up onto tape drives).


Thank you for your advice.

Cheers,
Daniel.


segfault in gnupg14 (was: How to sign with non-subkey?)

2006-03-22 Thread Peter Palfrader
On Tue, 21 Mar 2006, Simon Josefsson wrote:

 [EMAIL PROTECTED]:~$ echo foo |gpg -a -s -v -u b565716f
 gpg: using subkey AABB1F7B instead of primary key B565716F
 gpg: writing to stdout
 gpg: using subkey AABB1F7B instead of primary key B565716F
 gpg: RSA/SHA1 signature from: AABB1F7B Simon Josefsson [EMAIL PROTECTED]
 -BEGIN PGP MESSAGE-
 Version: GnuPG v1.4.2.2 (GNU/Linux)
 
 owGbwMvMwMS4XF34xKrd8tWMp7mSGFwURP6l5edzdZxiYWBkYjBhZQKJ6Io0MACB
 KAN/QXaibmJKSlFqcbFDel5pQbpeflF6VmKxQ2pFSWleSr5ecn4uAxenAMzQy+bM
 /4v/zBGfa+XAOvOGXqTUwQde0rPmL9P6KDS/8HLSjbKjN5fM+bfO0StszgfhZK0N
 R3X5lKuSzsUa1B5fWvKed/HOTZ9rbrUw8ZdwuT9d33bV/8xzcbFLe+y//76ttcg8
 v3G1sbjG1kSh62GcnIEmgay1uU4C06ezaT7wbJ1222IN60yGD7w3DwAA
 =HgpN
 -END PGP MESSAGE-
 [EMAIL PROTECTED]:~$

While handling this block my gpg segfaulted.

| [EMAIL PROTECTED]:~$ gpg < blurb
| foo
| gpg: Signature made Tue Mar 21 16:00:14 2006 CET using RSA key ID AABB1F7B
| 
| gpg: Segmentation fault caught ... exiting
| zsh: segmentation fault  gpg < blurb

After enabling coredumps:

#0  0x08066b35 in is_valid_mailbox (name=0x20 <Address 0x20 out of bounds>) at misc.c:1112
1112  return !( !name
(gdb) bt
#0  0x08066b35 in is_valid_mailbox (name=0x20 <Address 0x20 out of bounds>) at misc.c:1112
#1  0x0806111c in get_pka_address (sig=0x8188cf0) at mainproc.c:1350
#2  0x08061198 in pka_uri_from_sig (sig=0x812f9c0) at mainproc.c:1377
#3  0x08062181 in check_sig_and_print (c=0x8133820, node=0x812faf8) at mainproc.c:1576
#4  0x080628cb in proc_tree (c=0x8133820, node=0x8131698) at mainproc.c:1965
#5  0x0805e84c in release_list (c=0x8133820) at mainproc.c:97
#6  0x08060ed1 in do_proc_packets (c=0x8133820, a=0x812d538) at mainproc.c:1323
#7  0x08060c8e in proc_packets (anchor=0x8188cf0, a=0x8188cf0) at mainproc.c:1135
#8  0x08054c22 in handle_compressed (procctx=0x8188cf0, cd=0x812d490, callback=0, passthru=0x8188cf0) at compress.c:326
#9  0x0805fcf8 in proc_compressed (c=0x8131638, pkt=0x812d480) at mainproc.c:756
#10 0x08060f28 in do_proc_packets (c=0x8131638, a=0x812d538) at mainproc.c:1281
#11 0x08060c8e in proc_packets (anchor=0x8188cf0, a=0x8188cf0) at mainproc.c:1135
#12 0x0804fc75 in main (argc=0, argv=0xbf9db188) at gpg.c:3736

full:
#0  0x08066b35 in is_valid_mailbox (name=0x20 <Address 0x20 out of bounds>) at misc.c:1112
No locals.
#1  0x0806111c in get_pka_address (sig=0x8188cf0) at mainproc.c:1350
pka = (pka_info_t *) 0x0
nd = (struct notation *) 0x8188cf0
notation = (struct notation *) 0x8188cf0
#2  0x08061198 in pka_uri_from_sig (sig=0x812f9c0) at mainproc.c:1377
No locals.
#3  0x08062181 in check_sig_and_print (c=0x8133820, node=0x812faf8) at mainproc.c:1576
uri = 0x8188cf0 [EMAIL PROTECTED]
sig = (PKT_signature *) 0x812f9c0
astr = 0x810c42a RSA
rc = 9
is_expkey = 0
is_revkey = 0
#4  0x080628cb in proc_tree (c=0x8133820, node=0x8131698) at mainproc.c:1965
n1 = 0x812faf8
rc = 135826672
#5  0x0805e84c in release_list (c=0x8133820) at mainproc.c:97
No locals.
#6  0x08060ed1 in do_proc_packets (c=0x8133820, a=0x812d538) at mainproc.c:1323
pkt = (PACKET *) 0x8131790
rc = 0
any_data = 1
newpkt = 0
[...]

Latest svn on ia32, debian sarge.
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
messages preferred.| : :' :  The  universal
   | `. `'  Operating System
 http://www.palfrader.org/ |   `-http://www.debian.org/



Re: Passphrase on the command line

2006-03-22 Thread Daniel Carrera

Stef Caunter wrote:

The documentation does not recommend this.

Since you appear to not want to store the ciphertext but the plaintext, 
an encrypted network transfer seems appropriate and less expensive. 
Write the backup to an ssh pipe instead of a temporary file.


Is there any documentation on how to do that?

Daniel.


Re: Passphrase on the command line

2006-03-22 Thread Raphaël Poss



Is there any documentation on how to do that?


Say server A has the original data and server B has the backup.

You can do from server A:

  backup_tool | ssh [EMAIL PROTECTED] dd of=/path/to/backup

or you can do from server B:

  ssh [EMAIL PROTECTED] backup_tool | dd of=/path/to/backup


Regards,

--
Raphaël





[GPGOL] No keys found

2006-03-22 Thread Anders Eriksson
Hello!

I have just installed the latest WinPT and GPGOL on a Windows XP SP2, with
Outlook 2003.
The installation was successful and I have created my own set of keys and
imported some friends' public keys.

In WinPT I can sign and encrypt with my key and I can encrypt using my
friends' public keys.

BUT, in Outlook/GPGOL I create a new mail, select Sign Message with GPG
and press Send. I now get a dialog, Secret Key Dialog, which has a
DropDown control that's EMPTY!

If I instead select encrypt message with GPG I get Recipient Dialog, and
my recipients are in the Recipient which were not found edit field.

So I'm guessing that GPGOL can't find my keys!

I have checked preferences for GPG and GPGOL and they are all pointing to
the directory where pubkeys.gpg and seckeys.gpg are.

Anyone that has a clue what the error is?

// Anders


Re: Passphrase on the command line

2006-03-22 Thread Stef Caunter

Here is my idiom; checking for success is vital.

See openssh documentation for details on key-based shell access. Test for 
transparent access, if using gpg, test for undisturbed encryption with --batch.


You can pipe the dump (or tar) to gpg instead of gzip. File size will be 
reduced. The dd command can also hit a tape, though this isn't always practical 
with nightly cron stuff.


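# $? after a pipeline is the exit status of its last command (ssh/dd) only
OK=`/sbin/dump -0 -f - / | gzip | /usr/bin/ssh x.x.x.x dd of=/path/ok.gz 2>/dev/null; echo $?`
if [ "$OK" != 0 ]
then
    # report the failure and leave with a non-zero status
    echo "`date` `hostname` backup failed $OK" | mail you
    exit 1
fi

echo "`date` `hostname` backup $OK" | mail -s "`hostname` backup $OK" you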


Stef Caunter
http://caunter.ca/contact.html




Is there any documentation on how to do that?
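
Added example (not part of the original thread): in a shell pipeline `$?` reports only the last stage, so a dump that dies mid-stream while ssh/dd succeeds still reads as status 0. This POSIX sh sketch records every stage's status; produce_ok, produce_fail, compress_ok and store_ok are constructed stand-ins for dump, gzip and the ssh command.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Constructed stand-ins for the real stages (dump, gzip, ssh host dd of=...):
produce_ok()   { echo "full dump"; }
produce_fail() { echo "partial dump"; return 3; }   # source dies mid-stream
compress_ok()  { cat; }
store_ok()     { cat >/dev/null; }

# The "pipeline; echo $?" idiom: only the last stage's status is visible.
last_status_only() {
    rc=0
    "$1" | "$2" | "$3" || rc=$?
    echo "$rc"
}

# Run "$1 | $2 | $3", recording each stage's exit status in a private
# temp directory. Prints "ok" or the first failing stage; returns 0 only
# if every stage exited 0.
checked_pipeline() {
    dir=$(mktemp -d) || return 2
    { rc=0; "$1" || rc=$?; echo "$rc" >"$dir/1"; } |
    { rc=0; "$2" || rc=$?; echo "$rc" >"$dir/2"; } |
    { rc=0; "$3" || rc=$?; echo "$rc" >"$dir/3"; }
    result=ok
    i=0
    for stage in "$1" "$2" "$3"; do
        i=$((i + 1))
        rc=$(cat "$dir/$i" 2>/dev/null) || rc=127   # status file missing
        if [ "$rc" != 0 ] && [ "$result" = ok ]; then
            result="$stage exited $rc"
        fi
    done
    rm -rf "$dir"
    echo "$result"
    [ "$result" = ok ]
}

echo "last-stage idiom: $(last_status_only produce_fail compress_ok store_ok)"
echo "per-stage check:  $(checked_pipeline produce_fail compress_ok store_ok)"
```
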







Error during MAKE

2006-03-22 Thread Wolff, Alex
I am getting the following error on MAKE for gpg1.4.2.2

make[2]: *** No rule to make target `../cipher/libcipher.a', needed by
`gpgsplit'.  Stop.



This is a solaris9 box...was able to successfully install previously on
another solaris9 box.


Anybody have a suggestion?



Re: (no subject)

2006-03-22 Thread Simon H. Garlick
On 3/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 was checking the key preferences in gnupg 1.4.2.2(MingW32)
 with the SHOWPREF command,
 and found all the algorithms listed except for twofish

 the key accepts and decrypts messages done in twofish,
 and works fine

 have tested this for many of the keys and none of them display
 twofish in the preferences


C:\>gpg --edit c5dcca32
gpg (GnuPG) 1.4.2.2; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub  2048R/C5DCCA32  created: 2006-03-05  expires: never   usage: CS
 trust: ultimate  validity: ultimate
sub  2048R/B9F25302  created: 2006-03-05  expires: never   usage: E
sub  2048R/16D982EE  created: 2006-03-05  expires: never   usage: S
[ultimate] (1). Simon H. Garlick

Command> showpref
pub  2048R/C5DCCA32  created: 2006-03-05  expires: never   usage: CS
 trust: ultimate  validity: ultimate
[ultimate] (1). Simon H. Garlick
 Cipher: TWOFISH, AES256, 3DES
 Digest: SHA512, SHA384, SHA256, RIPEMD160, SHA1
 Compression: ZIP, ZLIB, BZIP2, Uncompressed
 Features: MDC, Keyserver no-modify

Command>


working OK here.



Simon



encrypted mail and gmail / remote

2006-03-22 Thread D_C
hello group -

apologies for the newbie questions.

i am wondering if there are any webmail services that can decrypt
email, if i somehow inform of my PGP key?

also, i am travelling without knowing my pgp key. is this somehow
centrally registered, in a way that i can download the key, and use a
command line app to decrypt messages sent to me? i guess only the
public key is available on the public key registries (if it works that
way).

thanks!

/dc

--
___
   David DC Collier
US  1-415-283-7742
[EMAIL PROTECTED]
   skype: callto://d3ntaku
   http://www.pikkle.com
   +81 (0)80 6521 9559

http://charajam.com 【★Chara♪Jam★】
Combine popular characters with the latest J-POP hits yourself
and make your own standby-screen Flash and ringtone Flash!
___



Re: encrypted mail and gmail / remote

2006-03-22 Thread Roscoe
I noticed this plugin for squirrelmail if you wanted to do it on your
own server:
http://www.squirrelmail.org/plugin_view.php?id=153


Aside from that there are a few services around, like hushmail.com
that'll do what you want.



On 3/23/06, D_C [EMAIL PROTECTED] wrote:
 hello group -

 apologies for the newbie questions.

 i am wondering if there are any webmail services that can decrypt
 email, if i somehow inform of my PGP key?

 also, i am travelling without knowing my pgp key. is this somehow
 centrally registered, in a way that i can download the key, and use a
 command line app to decrypt messages sent to me? i guess only the
 public key is available on the public key registries (if it works that
 way).

 thanks!

 /dc
