Ben Laurie wrote:
Perhaps this is time to remind people of Security Against Compelled
Disclosure: http://www.apache-ssl.org/disclosure.pdf.
Thanks. Survelillance technology is now almost 6 years ahead of April, 1999,
when the cited Report to the Director General for Research of the European
Travis H. wrote:
I must admit, I just had a duh moment.
Why the heck am I expiring encryption keys each year? Anyone who
records the email can crack it even if the key is invalid by then.
All it really does is crudely limit the quantity of data sent under
that key, which is little to none
| Even though triple-DES is still considered to have avoided that
| trap, its relatively small block size means you can now put the
| entire decrypt table on a dvd (or somesuch, I forget the maths).
|
|
| This would need 8 x 2^{64} bytes of storage which is approximately
| 2,000,000,000
Alexander Klimov wrote:
On Wed, 11 Jan 2006, Ian G wrote:
Even though triple-DES is still considered to have avoided that trap,
its relatively small block size means you can now put the entire
decrypt table on a dvd (or somesuch, I forget the maths).
This would need 8 x 2^{64} bytes of
On Sat, Jan 14, 2006 at 12:30:25PM -0700, Anne Lynn Wheeler wrote:
Guus Sliepen wrote:
By default, GPG creates a signing key and an encryption key. The signing
key is used both for signing other keys (including self-signing your own
keys), and for signing documents (like emails). However,
Guus Sliepen wrote:
It depends on how it is used. For example, when I sent this email, I
typed in the passphrase of my PGP key, authorising GnuPG to create a
signature for this email. This comes very close to human signing. I
read, understood, approve etc. with the contents of this email.
Travis H. wrote:
Why the heck am I expiring encryption keys each year? Anyone who
records the email can crack it even if the key is invalid by then.
All it really does is crudely limit the quantity of data sent under
that key, which is little to none anyway.
If your threat model includes
I must admit, I just had a duh moment.
Why the heck am I expiring encryption keys each year? Anyone who
records the email can crack it even if the key is invalid by then.
All it really does is crudely limit the quantity of data sent under
that key, which is little to none anyway.
*bonks
On Wed, 11 Jan 2006, Ian G wrote:
Even though triple-DES is still considered to have avoided that
trap, its relatively small block size means you can now put the
entire decrypt table on a dvd (or somesuch, I forget the maths).
This would need 8 x 2^{64} bytes of storage which is approximately
On Wednesday 11 January 2006 08:04, Ian G wrote:
[...]
I don't think EC is available for OpenPGP although
GPG may have some experimental product in it?
RFC2440 has 9.1. Public Key Algorithms has ID 18 as Reserved for
Elliptic Curve followed by the statement Implementations MAY
implement any
On Tue, Jan 10, 2006 at 03:28:49AM -0600, Travis H. wrote:
I'd like to make a long-term key for signing communication keys using
GPG and I'm wondering what the current recommendation is for such. I
remember a problem with Elgamal signing keys and I'm under the
impression that the 1024 bit
Alexander Klimov wrote:
On Wed, 11 Jan 2006, Ian G wrote:
Even though triple-DES is still considered to have avoided that
trap, its relatively small block size means you can now put the
entire decrypt table on a dvd (or somesuch, I forget the maths).
This would need 8 x 2^{64} bytes of
Amir Herzberg wrote:
Ian G wrote:
Travis H. wrote:
I'd like to make a long-term key for signing communication keys using
GPG and I'm wondering what the current recommendation is for such. I
remember a problem with Elgamal signing keys and I'm under the
impression that the 1024 bit strength
There are a number of differences in key management priorities between
(communication) signature and encryption keys.
For encryption keys:
- you want short lived keys
- you should wipe the keys after at first opportunity
- for archiving you should re-encrypt with storage keys
- you can't detect
Travis H. wrote:
On 1/10/06, Ian G [EMAIL PROTECTED] wrote:
2. DSA has a problem, it relies on a 160
bit hash, which is for most purposes the
SHA-1 hash. Upgrading the crypto to cope
with current hash circumstances is not
worthwhile; we currently are waiting on
NIST to lead review in hashes
Perry E. Metzger wrote:
Ian G [EMAIL PROTECTED] writes:
Travis H. wrote:
I'd like to make a long-term key for signing communication keys using
GPG and I'm wondering what the current recommendation is for such. I
remember a problem with Elgamal signing keys and I'm under the
impression that
Perry E. Metzger wrote:
Even in totally ordinary circumstances it is important to have very
strong signing keys. Your comments were insupportable.
there is a somewhat separate issue having to do with security
proportional to risk. minor old posting:
http://www.garlic.com/~lynn/2001h.html#61
Travis H. wrote:
I'd like to make a long-term key for signing communication keys using
GPG and I'm wondering what the current recommendation is for such. I
remember a problem with Elgamal signing keys and I'm under the
impression that the 1024 bit strength provided by p in the DSA is not
18 matches
Mail list logo
