Faramir wrote:
> Ok, let me say something on my behalf: in my experience, when
> something doesn't work as well as expected, and people say "well...
> lets do it 2 times, that should work", usually that leads to
> something that works, but it is not as good as it could be...
False premise. DES wo
Faramir wrote:
> Maybe he said both things, my source was wikipedia, but they provided
> a link to the interview where he said that:
Add this to the list of things Wikipedia has screwed up.
Schneier has repeatedly advocated for AES. Go read his _Practical
Cryptography_ and see what he says abo
Kevin Hilton wrote:
> I've often wondered the consequences of such an action -- whether
> this makes the chance of a collision higher or equal in comparing the
> SHA512 modified hash product to the SHA256 hash product. Perhaps
> someone could elaborate on this.
Theoretically? None. Practically?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Robert J. Hansen wrote:
> Faramir wrote:
>> didn't include Blowfish because I was told it is not supported by PGP
>
> PGP can read Blowfish traffic. It won't generate Blowfish traffic, but
> that's a separate issue.
Interesting... I will add
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Robert J. Hansen wrote:
> Faramir wrote:
>> I think I will add some more algos, to avoid using 3DES (while it
>> should be safe enough... I don't like the solution "lets do it 3 times")
> Not to ask a dunce question here, but why not?
I will
On Sep 23, 2008, at 11:32 PM, Kevin Hilton wrote:
Robert can probably give a better explanation than I, however with
3072 DSA signing keys, the SHA512 and SHA256 algorithms "functionally"
produce the same length hash since the lower 256 bits are dropped as
per the FIPS specification. I've often
On Sep 23, 2008, at 11:03 PM, Faramir wrote:
Well, I wrote what I intend to use as default preferences, but before
modifying anything I wanted to ask opinions...
For encryption: AES256 AES192 TWOFISH AES CAST5 3DES (didn't include
Blowfish because I was told it is not supported by PGP, and als
On Sep 23, 2008, at 7:24 PM, Faramir wrote:
I think I will add some more algos, to avoid using 3DES (while it
should be safe enough... I don't like the solution "lets do it 3
times")
3DES is arguably the "best" (defined as "has been studied the most and
hasn't been broken") algorithm in O
Robert can probably give a better explanation than I, however with
3072 DSA signing keys, the SHA512 and SHA256 algorithms "functionally"
produce the same length hash since the lower 256 bits are dropped as
per the FIPS specification. I've often wondered the consequences of
such an action -- wheth
Faramir wrote:
> didn't include Blowfish because I was told it is not supported by PGP
PGP can read Blowfish traffic. It won't generate Blowfish traffic, but
that's a separate issue.
> [Schneier] says people should move to Twofish.
No, Schneier has recommended people abandon Twofish and move to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
John Clizbe wrote:
>> didn't make any sense... according to my dictionary, a "cap" is
>> something closely related to a hat,
>
> A 'cap' may also (and more likely) refer to a limit usually an upper bound
I had the intuitive idea about that c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
David Shaw wrote:
>> Now that the algorithm has been changed for picking preferred
>> algorithms, can someone please explain how the new algorithm works if
I was forgetting to ask: does this change mean we will see a GPG
1.4.9b (or 1.4.10) ver
On Sep 23, 2008, at 10:37 PM, Robert J. Hansen wrote:
Kevin Hilton wrote:
Now that the algorithm has been changed for picking preferred
algorithms, can someone please explain how the new algorithm works if
the personal preferences are omitted?
Borda counting.
http://en.wikipedia.org/wiki/Bor
Faramir wrote:
> I think I will add some more algos, to avoid using 3DES (while it
> should be safe enough... I don't like the solution "lets do it 3 times")
Um.
Not to ask a dunce question here, but why not?
It's perfectly safe. In fact, 3DES is probably the most trustworthy
algorithm on thi
Kevin Hilton wrote:
> Now that the algorithm has been changed for picking preferred
> algorithms, can someone please explain how the new algorithm works if
> the personal preferences are omitted?
Borda counting.
http://en.wikipedia.org/wiki/Borda_count
Once you've gone off and read that, come ba
David Newman wrote:
> I guess I don't understand how the WoT will be able to figure out
> that he is untrustworthy if there is no way to mark a signature
> as untrustworthy. It seems there should be a way to sign signatures
> as good or bad.
A lot of people disagree with me on this, but so far no
On Sep 23, 2008, at 6:38 PM, Kevin Hilton wrote:
Now that the algorithm has been changed for picking preferred
algorithms, can someone please explain how the new algorithm works if
the personal preferences are omitted? Someone had previously posted a
very informative example with three users wi
On Sep 23, 2008, at 6:08 PM, David Newman wrote:
On Mon, Sep 22, 2008 at 02:42:19PM -0400, David Newman wrote:
Is there a way that I can mark the signature as suspect,
Alas, no.
[snip]
That said, this is really an aesthetic problem, and not a trust
problem. The web of trust ultimately takes ca
Faramir wrote:
>I had to use a dictionary for the first message, and what I found
> didn't make any sense... according to my dictionary, a "cap" is
> something closely related to a hat,
A 'cap' may also (and more likely) refer to a limit usually an upper bound
> so I thought maybe the "cap se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Robert J. Hansen wrote:
> Faramir wrote:
>> What do you mean? I didn't understand the "cap set" concept, or at
>> least, the meaning of these words (I think probably is due my lack of
>> vocabulary...).
>
> Imagine a group of people are going
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Kevin Hilton wrote:
> Now that the algorithm has been changed for picking preferred
> algorithms, can someone please explain how the new algorithm works if
> the personal preferences are omitted? Someone had previously posted a
If I understood
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
David Shaw wrote:
> Huh? You don't have preferences now
Yes, I have done the 'setpref' thingy on My Key. I suspect that from
this thread countless Others have or are doing so. My Point is that
until My Key _with_ advertised Preferences is Import
Now that the algorithm has been changed for picking preferred
algorithms, can someone please explain how the new algorithm works if
the personal preferences are omitted? Someone had previously posted a
very informative example with three users with their key preferences,
and showed how the choices
On Sep 23, 2008, at 5:36 PM, Faramir wrote:
Cifrado: AES256, AES192, AES, CAST5, 3DES
Resumen: SHA1, SHA256, RIPEMD160
Compresión: ZLIB, BZIP2, ZIP, Sin comprimir
Características: MDC, Sevidor de claves no-modificar
So I figure the default most preferred encryption algo will be
AES256,
not
> On Mon, Sep 22, 2008 at 02:42:19PM -0400, David Newman wrote:
> > Is there a way that I can mark the signature as suspect,
>
> Alas, no.
[snip]
> That said, this is really an aesthetic problem, and not a trust
> problem. The web of trust ultimately takes care of bad signatures as
> those people who
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
John W. Moore III wrote:
> David Shaw wrote:
...
>> allow the various recipient keys to "vote" on which algorithm is
>> chosen, and the most-preferred one will be chosen. It doesn't really
...
> So, nothing changes until a Key is 'refreshed' o
On Tue, Sep 23, 2008 at 05:16:52PM -0400, John W. Moore III wrote:
> David Shaw wrote:
>
> > This means that GPG will now
> > allow the various recipient keys to "vote" on which algorithm is
> > chosen, and the most-preferred one will be chosen. It doesn't really
> > change much that is visible i
John W. Moore III wrote:
> So, nothing changes until a Key is 'refreshed' on individual
> Keyrings?
Nope! There's no need to update your keyrings. This affects GnuPG's
executable code only -- there are no changes needed to your gpg.conf,
nor any key refreshes that need to occur.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
David Shaw wrote:
> This means that GPG will now
> allow the various recipient keys to "vote" on which algorithm is
> chosen, and the most-preferred one will be chosen. It doesn't really
> change much that is visible in practice, but it does mean t
On Tue, Sep 23, 2008 at 09:53:40AM -0400, Mark H. Wood wrote:
> On Tue, Sep 23, 2008 at 09:44:53AM -0400, David Shaw wrote:
> > On Sep 22, 2008, at 10:17 AM, Mark H. Wood wrote:
> >
> >> On Mon, Sep 22, 2008 at 12:09:00AM -0400, David Shaw wrote:
> >>> I'd be content with something that says "List
On Fri, Sep 19, 2008 at 10:01:09AM -0700, Shamim Shamimuddin wrote:
>
> Gpg Gurus,
>
> We are currently experiencing some problems when importing a public key.
>
>
> We are running gpg import as root on an AIX-5.3 Technology Level 8 Unix
> server. Any inputs would really be appreciated.
>
> Ar
On Sun, 21 Sep 2008 14:25, [EMAIL PROTECTED] said:
> and then choosing "2. unblock PIN", i get the response "Error unblocking
> the PIN: permission denied".
You are probably using the gpg-agent and scdaemon. gpg then diverts all
card operation to this daemon instead of doing the card access by
it
On Fri, Sep 19, 2008 at 03:08:17PM +0530, Bindu Ramakrishnan wrote:
> Hi,
>
> I have created a gpg key in my pc and the key was used for encrypting a
> file. Now for official reasons I had to shift to another pc and I tried
> to import my secret key also to the new pc. But I didn't find any way
On Mon, Sep 22, 2008 at 02:42:19PM -0400, David Newman wrote:
> Hi there,
> I received a signature on my public key from an unknown key. Is there a
> way that I can mark the signature as suspect, i.e. that I did not verify
> that this person verified my identity, in a way that can be re-uploaded
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Mark H. Wood wrote:
> Sounds good to me. It seems to cover what people mostly need to know,
> and is compact enough for a man page.
Color Me "behind-the-times" but I seriously thought the Man Page was
succinct and clear regarding this. :-\
JOHN
On Sun, 21 Sep 2008, Robert J. Hansen wrote:
. . .
GnuPG's preference lists are arcane and counterintuitive, and the source
of a great deal of frustration. If it would help to get some
documentation written outlining precisely how it works and why, I would
be happy to stop the bikeshedding and
Hello all,
i have a question regarding unblocking PINs on a gnupg card (from g10code).
I entered three times the wrong PIN (*sigh*) and now the PIN is blocked.
If i try to unblock it with
gnupg --card-edit
and then choosing "2. unblock PIN", i get the response "Error unblocking
the PIN: permissi
Hi,
I have created a gpg key in my pc and the key was used for encrypting a
file. Now for official reasons I had to shift to another pc and I tried
to import my secret key also to the new pc. But I didn't find any way of
doing it and so finally I copied the .gnupg folder from my old pc to the
Gpg Gurus,
We are currently experiencing some problems when importing a public key.
We are running gpg import as root on an AIX-5.3 Technology Level 8 Unix
server. Any inputs would really be appreciated.
Are there any environment variables that gpg import need for it to work?
Here is the erro
Thanks, unfortunately I have to decrypt some legacy apps files that does use
IDEA.
David Shaw wrote:
>
> On Thu, Sep 18, 2008 at 07:08:48AM -0700, [EMAIL PROTECTED] wrote:
>>
>> Hi,
>> I need to use GnuPG with older keys using IDEA. This is for commercial
>> use.
>> I see that for commercia
By the way gpg version is 1.4.9
> _
> From: Shamim Shamimuddin
> Sent: Friday, September 19, 2008 12:01 PM
> To: 'gnupg-users@gnupg.org'
> Subject: gpg: fatal: can't create directory `~/.gnupg': A file or
> directory in the path name d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
David Shaw wrote:
> That's exactly it. Camellia is a very popular algorithm in Japan.
> Including it doesn't buy us much new from the cryptographic perspective
> as we already have strong 128-bit ciphers in OpenPGP, but it does buy us
> something
Hi there,
I received a signature on my public key from an unknown key. Is there a
way that I can mark the signature as suspect, i.e. that I did not verify
that this person verified my identity, in a way that can be re-uploaded
to keyservers?
Thanks
-Dave
___
David Shaw wrote:
>
>
>> If we install the latest Unix GnuPG on AIX, will we run into any issues
>> with
>> our current keys?
>
> Probably not, unless the person you are communicating with is using
> PGP 2.x from the 1990s (don't laugh - some people still are).
> ...
> "Legacy" is just a h
On Tue, Sep 23, 2008 at 09:44:53AM -0400, David Shaw wrote:
> On Sep 22, 2008, at 10:17 AM, Mark H. Wood wrote:
>
>> On Mon, Sep 22, 2008 at 12:09:00AM -0400, David Shaw wrote:
>>> I'd be content with something that says "List algorithms in the order in
>>> which you'd like to see them used.
>>
>>
On Sep 22, 2008, at 10:17 AM, Mark H. Wood wrote:
On Mon, Sep 22, 2008 at 12:09:00AM -0400, David Shaw wrote:
I'd be content with something that says "List algorithms in the
order in
which you'd like to see them used.
There's the problem right there. "Used" when? When sending?
apparently
Robert J. Hansen wrote:
> Remove the option.
Apologies for the multiple send. I had a network bounce (or three)
while sending this; apparently, Thunderbird wasn't able to register that
the message had gone through.
___
Gnupg-users mailing list
Gnupg-
Hello!
We are pleased to announce version 1.0.4 of Libksba.
Libksba is an X.509 and CMS (PKCS#7) library. It is for example
required to build the S/MIME part of GnuPG-2 (gpgsm). The only build
requirement for Libksba itself is the libgpg-error package. There are
no other dependencies; actual c
On Sep 23, 2008, at 8:44 AM, Werner Koch wrote:
On Tue, 23 Sep 2008 14:00, [EMAIL PROTECTED] said:
proper code lines. While 'interoperability' testing has
not
occurred; I have been able to successfully utilize Camellia without
Again: Please do not use this cipher for anything other than
On Tue, 23 Sep 2008 14:16, [EMAIL PROTECTED] said:
> I'd like to join: Thank you!
It is not my success - we have been quite lucky over the last years.
I still remember a time when the GnuPG server re-booted every 10 to 20
minutes due to a hardware defect and we were not able to get access to
the
On Mon, Sep 22, 2008 at 09:37:22AM -0400, Charly Avital wrote:
> Robert J. Hansen wrote the following on 9/22/08 3:47 AM:
> > David Shaw wrote:
> >> If they are so horrible, suggest a different way to handle them. Better
> >> to fix it in code rather than document something you feel is confusing.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Werner Koch wrote:
> I also wonder why so many people are interested in it.
Well Werner, because You have 'Groupies' that cleave to You like they
would to Phil Zimmermann if He were so Publicly available.
Folks are 'interested' because it is New &
On Tue, 23 Sep 2008 14:00, [EMAIL PROTECTED] said:
> proper code lines. While 'interoperability' testing has not
> occurred; I have been able to successfully utilize Camellia without
Again: Please do not use this cipher for anything other than pure
interop testing. The identifier assigned to C
Robert J. Hansen wrote on 23.09.2008 11:50:
> Werner Koch wrote:
>> No, it was not Robert who flooded us with mails.
>
> Over the last day, I have received a large number of emails related to
> this. Some of them were nice. Some of them were not.
It strikes me that people dealing with such
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Robert J. Hansen wrote:
> Remove the option.
>
> Seriously. I think key preferences ought to be considered analogous to
> "--cipher-algo": you can tweak them if you want, but it's not
> recommended and should be hidden from the user by default. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
David Shaw wrote:
> them... but there is no guarantee that those messages will be
> decryptable, ever. You've got a gun pointed at your foot. Be careful
> you don't pull the trigger.
Ah Jeez, David; You are too rough on the individual who incorpo
On Mon, Sep 22, 2008 at 02:47:30AM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> > If they are so horrible, suggest a different way to handle them. Better
> > to fix it in code rather than document something you feel is confusing.
>
> Remove the option.
>
> Seriously. I think key prefere
On Mon, Sep 22, 2008 at 12:09:00AM -0400, David Shaw wrote:
> I'd be content with something that says "List algorithms in the order in
> which you'd like to see them used.
There's the problem right there. "Used" when? When sending?
apparently not. When others send to me? apparently so. Someho
On Mon, Sep 22, 2008 at 01:24:37AM -0400, Faramir wrote:
> Robert J. Hansen wrote:
> > David Shaw wrote:
> >> If someone wants to know how to set their preference list, they're not
> >> trying for new and fun ways to violate the spec.
>
>Well, since I made the question, I must agree with t
To all the contributors who helped in writing the documentation,
please do not consider my questions regarding preference choice
disparaging in any way. Documentation in many problems is very
tedious and its contributions oftentimes overlooked, however I do
sincerely appreciate your efforts and t
Hello Faramir !
Faramir <[EMAIL PROTECTED]> wrote:
>>??
>>? Cipher-Algos:? Digest-Algos:? Compress-Algos: ?
>>??
>>? ? ? Z0
On Mon, Sep 22, 2008 at 02:37:17AM -0500, Robert J. Hansen wrote:
> Faramir wrote:
> >> No, but they may be operating on the assumption their preference list
> >> matters. (Which it very often doesn't; encrypting-to-self and another
> >> recipient means there's a 50/50 chance their preference list
Werner Koch wrote:
> No, it was not Robert who flooded us with mails.
Over the last day, I have received a large number of emails related to
this. Some of them were nice. Some of them were not.
It has always bothered me to be blamed for things over which I have no
control. So, to those who did
Robert J. Hansen wrote the following on 9/22/08 3:47 AM:
> David Shaw wrote:
>> If they are so horrible, suggest a different way to handle them. Better
>> to fix it in code rather than document something you feel is confusing.
>
> Remove the option.
>
> Seriously. I think key preferences ought
On Tuesday 02 of September 2008 16:15:02 Petr Uzel wrote:
> Hi,
>
> On Tuesday 02 of September 2008 15:59:22 Steve Revilak wrote:
> > Is there a pinentry in root's path?
>
> Yes, it is in /usr/bin/pinentry (and /usr/bin is in root's path). In
> openSUSE, which I use, the /usr/bin/pinentry
On Sep 22, 2008, at 3:33 AM, Faramir wrote:
But... is Camellia already implemented? :O
I didn't know about that... or maybe, the S11 to S13 places are
reserved for future use?
They are reserved for experimentation in GPG. Don't use them.
They're for interoperability testing only.
Dav
On Sep 22, 2008, at 1:52 AM, Laurent Jumet wrote:
Hello !
To set the preferences, this can help:
??
? Cipher-Algos:? Digest-Algos:? Compress-Algos: ?
??
?
Good morning GnuPG users!
the following mail hit my mailbox about fifty times now - I think it's
enough. :-)
I thought, it is my client, fetching the same mail from the server, but
looking there, I found all the mails there too. :-(
Anyone else have the same problem? If not, I will search for the
On Mon, 22 Sep 2008, Robert J. Hansen wrote:
David Shaw wrote:
If they are so horrible, suggest a different way to handle them. Better
to fix it in code rather than document something you feel is confusing.
Remove the option.
.snip.
44 instances of t
Hi!
No, it was not Robert who flooded us with mails. Mailman and Exim found
from time to time some free space on /var and retried sending that
message.
/var has now again enough space. The culprit has been identified as me:
I simply forgot to adjust the log rotate scripts after having changed
th