Re: GPGShell caught with malware?

2009-07-30 Thread Faramir
Allen Schultz wrote: > I recently installed Comodo AntiVirus and it said that GPGShell had a > malware called "daisy-2...@31780980". But could not find any details If I'm not wrong, Comodo Antivirus is the newest of their products, and I would

Re: list of OpenPGP implementations [was: Re: Changing GPG's default key type?]

2009-07-30 Thread Robert J. Hansen
RSA was not added in RFC-4880. It dates back to PGP 5 (1997-ish), and was first formalized (in the RFC sense) in RFC-2440 in 1998. It's been in a RFC for 10+ years now. Of course, it's been optional for all that time as well. Yes; it was more a general statement about why when talking ab

Re: list of OpenPGP implementations [was: Re: Changing GPG's default key type?]

2009-07-30 Thread David Shaw
On Jul 30, 2009, at 10:06 PM, Robert J. Hansen wrote: Is that an example of a potential problem implementation? Note that the McAfee product does support RSA (not surprising, given its ancestry). I don't know. There are a wide number of implementations with various degrees of conformanc

Re: list of OpenPGP implementations [was: Re: Changing GPG's default key type?]

2009-07-30 Thread Robert J. Hansen
Is that an example of a potential problem implementation? Note that the McAfee product does support RSA (not surprising, given its ancestry). I don't know. There are a wide number of implementations with various degrees of conformance, RFC4880 is fairly new and there's no guarantee vendor

Re: list of OpenPGP implementations [was: Re: Changing GPG's default key type?]

2009-07-30 Thread David Shaw
On Jul 30, 2009, at 9:23 PM, Robert J. Hansen wrote: Hence, McAfee may be a much bigger player than people think. Is that an example of a potential problem implementation? Note that the McAfee product does support RSA (not surprising, given its ancestry). David

Re: list of OpenPGP implementations [was: Re: Changing GPG's default key type?]

2009-07-30 Thread Robert J. Hansen
Have you had the opportunity to publish this tally someplace? Wikipedia has a pretty good list, last I checked. If you're really interested, check there; my list will not be as comprehensive. Deployment numbers are both hard to come by and misleading. GnuPG is probably overwhelmingly the

Re: Changing GPG's default key type?

2009-07-30 Thread Robert J. Hansen
There is theory and then there is practice. I missed the original poster's qualification that 90% of his correspondents used GnuPG. Given that, I'll agree with you on this: RSA won't be a problem. ___ Gnupg-users mailing list Gnupg-users@gnupg

Re: Changing GPG's default key type?

2009-07-30 Thread David Shaw
On Jul 29, 2009, at 11:14 AM, Jan Suhr wrote: For my understanding GnuPG is standard conform and creates a "DSA primary key (1024 bits - not "DSA2") with an Elgamal subkey per default." It was discussed in May to change this standard to 2048-bit RSA key: http://www.imc.org/ietf-openpgp/mail-

Re: Changing GPG's default key type?

2009-07-30 Thread David Shaw
On Jul 30, 2009, at 7:06 PM, Robert J. Hansen wrote: No; only people using OpenPGP applications that don't support RSA will have problems. This is potentially quite a lot of people. The last time I tallied it up there were at least ten different OpenPGP implementations, and some of them o

Re: gpg - what are the strange characters ?

2009-07-30 Thread Daniel Kahn Gillmor
Hi Alain-- On 07/29/2009 05:27 AM, Alain Williams wrote: > I have been generating GPG keys, when it does it GPG prints out strings of > '+.-<>' (see below). > > What are these characters, I can see that it is trying to show progress, but > what do > the different characters mean ? [...] > I di

list of OpenPGP implementations [was: Re: Changing GPG's default key type?]

2009-07-30 Thread Daniel Kahn Gillmor
On 07/30/2009 07:06 PM, Robert J. Hansen wrote: > No; only people using OpenPGP applications that don't support RSA will > have problems. This is potentially quite a lot of people. The last > time I tallied it up there were at least ten different OpenPGP > implementations, and some of them only s

Re: GPGShell caught with malware?

2009-07-30 Thread gerry-lowry (alliston ontario canada 705-250-0112)
Check a site like Symantec on how to send it to them ... AFAIK, they should be able to verify whether it's a real virus or just a false positive. gerry - Original Message - From: "Allen Schultz" To: "gnupg-users" Sent: Thursday, July 30, 2009 5:09 PM Subject: GPGShell caught with malw

Re: Changing GPG's default key type?

2009-07-30 Thread Robert J. Hansen
The patent for RSA has now been expired for a few years (since 2003) The patent never expired. It was due to expire in September 2000; in August 2000 the patentholders released it into the public domain. Some people (myself included) think they did this in order to prevent the media cove

Re: Changing GPG's default key type?

2009-07-30 Thread Lionel Elie Mamane
On Wed, Jul 29, 2009 at 05:14:04PM +0200, Jan Suhr wrote: > For my understanding GnuPG is standard conform and creates a "DSA > primary key (1024 bits - not "DSA2") with an Elgamal subkey per > default." > It was discussed in May to change this standard to 2048-bit RSA key: > http://www.imc.org/i

Re: new AES 256 vulnerability

2009-07-30 Thread markus reichelt
* "Robert J. Hansen" wrote: > >(am not overly worried, still use IDEA when encrypting for diehard > >pgp2.x e-mailers, and that has 5 of 8 rounds broken ;-) )) > > 6. 7 - raise? fold? -- left blank, right bald

GPGShell caught with malware?

2009-07-30 Thread Allen Schultz
I recently installed Comodo AntiVirus and it said that GPGShell had a malware called "daisy-2...@31780980". But could not find any details about this. Is there a GPGShell like program that does the same job as GPGShell? Allen

Re: new AES 256 vulnerability

2009-07-30 Thread David Shaw
On Jul 30, 2009, at 4:17 PM, ved...@hush.com wrote: a new attack has been found against AES - 256 http://www.schneier.com/blog/archives/2009/07/another_new_aes.html it only works against 10 round AES-256 (which normally has 16 rounds) It breaks 11 rounds of 14. David

Re: Public key crypto by hand

2009-07-30 Thread gerry_lowry (alliston ontario canada (705) 250-0112)
Robert, you are absolutely 100% correct when you write: "The danger comes from assuming you're more sophisticated than the people who want your information." The television show "So you think you are smarter than a fifth grader" proves your point time and time again. g.

Re: new AES 256 vulnerability

2009-07-30 Thread Robert J. Hansen
(am not overly worried, still use IDEA when encrypting for diehard pgp2.x e-mailers, and that has 5 of 8 rounds broken ;-) )) 6.

new AES 256 vulnerability

2009-07-30 Thread vedaal
a new attack has been found against AES - 256 http://www.schneier.com/blog/archives/2009/07/another_new_aes.html it only works against 10 round AES-256 (which normally has 16 rounds) (am not overly worried, still use IDEA when encrypting for diehard pgp2.x e-mailers, and that has 5 of 8 round

Re: Public key crypto by hand

2009-07-30 Thread Robert J. Hansen
Even simple systems like pig-latin are sufficient as long as they are more sophisticated than those from whom one wishes to safeguard information. The danger comes from assuming you're more sophisticated than the people who want your information.

Re: Public key crypto by hand

2009-07-30 Thread Robert J. Hansen
"solitaire" is done with cards, it was used by two men in jail, both characters in Neal Stephenson's "Cryptonomicon" ... imo a novel worth reading ... Bruce Schneier invented the game at Stephenson's request AFAIK. Solitaire has some serious problems, and is not a public-key algorithm. The or

Re: Public key crypto by hand

2009-07-30 Thread Brian Mearns
On Thu, Jul 30, 2009 at 2:06 PM, Brian Mearns wrote: > On Thu, Jul 30, 2009 at 2:02 PM, gerry_lowry (alliston ontario canada > (705) 250-0112) > wrote: >> Robert wrote in part that "We've known since '99 that Solitaire is weak, >> thanks to the work of Paul Crowley". >> >> It was, however, suffic

Re: Public key crypto by hand

2009-07-30 Thread gerry_lowry (alliston ontario canada (705) 250-0112)
Robert wrote in part that "We've known since '99 that Solitaire is weak, thanks to the work of Paul Crowley". It was, however, sufficient as a plot device in "Cryptonomicon". Even simple systems like pig-latin are sufficient as long as they are more sophisticated than those from whom one wishe

Re: Public key crypto by hand

2009-07-30 Thread gerry_lowry (alliston ontario canada (705) 250-0112)
http://www.schneier.com/solitaire.html "solitaire" is done with cards, it was used by two men in jail, both characters in Neal Stephenson's "Cryptonomicon" ... imo a novel worth reading ... Bruce Schneier invented the game at Stephenson's request AFAIK. gerry

Re: Public key crypto by hand

2009-07-30 Thread Robert J. Hansen
don't know of any 'public key' systems, but there are 'by hand' systems that are described as secure http://www.schneier.com/solitaire.html We've known since '99 that Solitaire is weak, thanks to the work of Paul Crowley.

Re: Public key crypto by hand

2009-07-30 Thread vedaal
Brian Mearns wrote: >if anyone knows of a >public key system that can realistically be done by pencil and paper ... >anything that can reasonably be >done by hand wouldn't be secure. >Oh well. Pad locks it is. =) don't know of any 'public key' systems, but there are 'by hand' systems that ar

WHIRLPOOL patch for GnuPG 2

2009-07-30 Thread Jeroen Schot
Hi, Some time ago there was a question about support for the WHIRLPOOL hash in GnuPG. I thought it wouldn't be too difficult since libgcrypt already implements WHIRLPOOL. Attached is a patch against the current svn (r5101). If it gets mangled by the mailing list it is also available as download[1]

Re: Public key crypto by hand

2009-07-30 Thread David SMITH
On Thu, Jul 30, 2009 at 09:30:47AM -0400, Brian Mearns wrote: > Thanks, Harry. Interesting page, but I don't think primes on the > order of 3 and 11 really qualify as secure, which was pretty much > what I figured would be the case: anything that can reasonably be > done by hand wouldn't be secure.

Re: Public key crypto by hand

2009-07-30 Thread Brian Mearns
On Thu, Jul 30, 2009 at 8:44 AM, Harry Rickards wrote: [clipped 7/30/2009 9:26:46 AM] > Brian Mearns wrote: >> Sorry, this is a bit off topic. But I wonder if anyone knows of a >> public key system that can realistically be done by pencil and paper. >> I realize anything a computer can calculate cou

Re: Public key crypto by hand

2009-07-30 Thread Robert J. Hansen
Sorry, this is a bit off topic. But I wonder if anyone knows of a public key system that can realistically be done by pencil and paper. I realize anything a computer can calculate could conceivably be done by hand, but I'm looking for something realistic. I don't consider raising very large numbers

Re: Public key crypto by hand

2009-07-30 Thread Harry Rickards
Brian Mearns wrote: > Sorry, this is a bit off topic. But I wonder if anyone knows of a > public key system that can realistically be done by pencil and paper. > I realize anything a computer can calculate could conceivably be done > by hand, but I'm lo

Public key crypto by hand

2009-07-30 Thread Brian Mearns
Sorry, this is a bit off topic. But I wonder if anyone knows of a public key system that can realistically be done by pencil and paper. I realize anything a computer can calculate could conceivably be done by hand, but I'm looking for something realistic. I don't consider raising very large numbers

FYI: Keysigning Party at FrOSCon 2009 in Sankt Augustin (August 22nd)

2009-07-30 Thread markus reichelt
Hi, for those interested, there's going to be a keysigning party at FrOSCon 2009 in Sankt Augustin on August 22nd, 12:30h: http://ksp.froscon.org/ Deadline for key submission is Thursday, August 20th 2009. More info about the conference is online at http://www.froscon.org/ -- left blank, righ