begin 644 GPGeeDecrypt.png
MB5!.1PT*@h-24...@```2$```?`(```?O_-)*W1%6'1#F5A
M=EO;B!4:6UE`'1O(#$P('-E`R,#`Y(#`W.C$W.C$V(LP,3`P)^O\0P``
M``=T24U%!]D)@44#+J;/,)$A9P``Q(```L2`=+=?OP$9T%-
M00``L8\+_$%```8N4E$051XVNW=;XSQGG'\5G+L%O:NPA37I7(S`.#FSH
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hello BosseB !
BosseB bo.bergl...@telia.com wrote:
I found GPGShell and tried it but it did not offer a context menu in
Windows Explorer just a rather strange regular program window which is
not intuitive to use for a Windows user at least.
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Hello BosseB !
BosseB bo.bergl...@telia.com wrote:
So I have installed both GPGShell and GPGee and all I see in my
Windows Explorer shell is GPGee.
How can I make GPGShell appear?
And how does it look like?
First of all, uninstall
Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
From what I understand Hushmail is based on OpenPGP so it should work.
The key I have from my Hushmail account is 2048bit in length but once I
copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
anymore, any
Hi Robert.
On Thu, Sep 10, 2009 at 3:05 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
Add these lines to your gpg.conf file:
personal-digest-preferences SHA256 SHA224 SHA384 SHA512 RIPEMD160
personal-cipher-preferences AES128 3DES
[...]
And you think this is enough? Not removing and
On Thu, Sep 10, 2009 at 3:45 AM, David Shaw ds...@jabberwocky.com wrote:
Yes, but it won't actually go away completely. SHA1 is special in OpenPGP.
Unlike the other hashes, SHA1 is required to be supported. Removing SHA1
from an OpenPGP preference list doesn't actually remove it, but instead
- When creating a new key,.. it uses the entropy, right? So is there
some way to improve this entropy? Perhaps not using Linux but instead
OpenBSD which might have a better PRNG (don't know if this is actually
the case ;) ) or use a specific Linux kernel version where a newer and
better PRNG
In case you missed it, using 15 as a key value is no longer a viable
option:
http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
Fortunately, people are working on it:
http://spectrum.ieee.org/computing/software/cryptographers-take-on-quantum-computers
On 09/09/2009 09:45 PM, David Shaw wrote:
Instead of giving my preferences,
allow me to point at the wonderful defaults in GPG. They're the default
algorithms for a reason.
I've asked this before, but without any satisfactory answer, i'm still
curious: Why do the digest defaults in 1.4.10
2009/9/10 Christoph Anton Mitterer
christoph.anton.mitte...@physik.uni-muenchen.de:
On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote:
In case you missed it, using 15 as a key value is no longer a viable
option:
On Thu, 2009-09-10 at 10:29 -0400, Brian Mearns wrote:
Thank God! I've used 17 ;)
No you didn't, 17 is prime. =D
*D'Ohh* ... caught me ;)
Chris.
smime.p7s
Description: S/MIME cryptographic signature
___
Gnupg-users mailing list
Hi Robert.
On Thu, Sep 10, 2009 at 3:59 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
Not really. If there were good reasons to believe OpenBSD's entropy
collector was better than Linux's, the Linux crew would fix the code,
maybe even borrowing OpenBSD's entropy collector.
Ah,..
On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote:
Uhm,.. what a pity. What would happen if SHA1 gets fully broken? Would
we have to create a new OpenPGP and new keys?
Probably. However, if SHA-1 gets totally broken we'll have a lot bigger
things to worry about than OpenPGP.
Well,
On Thu, 2009-09-10 at 16:51 +0200, Philippe Cerfon wrote:
Ah,.. right... it was the other way round it didn't work (GPL2 to BSD ;) )
Copyright protects the way an idea is expressed, not the idea itself.
If Linux had a better entropy collector than OpenBSD, the OpenBSD folks
would study the Linux
On Thu, 2009-09-10 at 10:12 -0400, Brian Mearns wrote:
In case you missed it, using 15 as a key value is no longer a viable
option:
http://spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
Thank God! I've used 17 ;)
Cheers,
Chris.
smime.p7s
Description:
On Sep 10, 2009, at 8:02 AM, Philippe Cerfon wrote:
On Thu, Sep 10, 2009 at 3:45 AM, David Shaw ds...@jabberwocky.com
wrote:
Yes, but it won't actually go away completely. SHA1 is special in
OpenPGP.
Unlike the other hashes, SHA1 is required to be supported.
Removing SHA1
from an
On Sep 10, 2009, at 10:51 AM, Philippe Cerfon wrote:
Not really. If there were good reasons to believe OpenBSD's entropy
collector was better than Linux's, the Linux crew would fix the code,
maybe even borrowing OpenBSD's entropy collector.
Ah,.. right... it was the other way round it didn't
* Philippe Cerfon philc...@googlemail.com [2009-09-10 14:03]:
I'd have some additional poor men's questions ;-)...
- When creating a new key,.. it uses the entropy, right? So is there
some way to improve this entropy? Perhaps not using Linux but instead
OpenBSD which might have a better PRNG
* Sebastian Wiesinger gnupg.us...@ml.karotte.org [2009-09-10 18:01]:
Hi,
regarding this, the Simtec Entropy Key http://www.entropykey.co.uk/ is
available for sale online since a few days ago. This is an USB
hardware entropy generator. Perhaps this would be something to
consider in your
On 09/10/2009 10:54 AM, Robert J. Hansen wrote:
On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote:
I thought the key ID is only used for humans to short check the
keys,.. but not in the system itself?!
Nope, it's pretty pervasive in the system.
Unless i misunderstand the context, I
Thanks for the reply!
How do I troubleshoot the issue I am experiencing with my Hushmail keys
on the OpenPGP 2.0 card not being able to decrypt my mail?
Are you sure about what you said below regarding the stub and the
secret/private key? I just generated a test key pair on the OpenPGP 2.0
card
On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:
Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
From what I understand Hushmail is based on OpenPGP so it should
work.
The key I have from my Hushmail account is 2048bit in length but
once I
copy the key onto the OpenPGP
This is the error I get when I try to decrypt Hushmail emails in
Thunderbird with the OpenPGP card:
Error - secret key needed to decrypt message
gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected
Daniel Kahn Gillmor wrote:
On 09/10/2009 10:54 AM, Robert J. Hansen wrote:
On Thu, 2009-09-10 at 14:02 +0200, Philippe Cerfon wrote:
I thought the key ID is only used for humans to short check the
keys,.. but not in the system itself?!
Nope, it's pretty pervasive in the system.
Unless i
Hi Robert.
On Thu, Sep 10, 2009 at 4:54 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
Probably. However, if SHA-1 gets totally broken we'll have a lot bigger
things to worry about than OpenPGP.
What specifically do you mean? Crypto-stuff in banking etc.?
As soon as you find an attack,
What is the correct way to copy existing keys that exist onto an OpenPGP
2.0 card?
I was trying this, is it correct:
gpg --edit-key
toggle
keytocard
select 1
key 1
keytocard
select 2
q
y
smime.p7s
Description: S/MIME Cryptographic Signature
On Thu, Sep 10, 2009 at 5:08 PM, David Shaw ds...@jabberwocky.com wrote:
The real headache here is (as always) the practical - what to do with
existing keys and such. I suspect that removing SHA1 would effectively mean
a new key type for OpenPGP (again, not a disaster - we're on our 4th key
Hello Daniel.
On Thu, Sep 10, 2009 at 6:22 PM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
The Key ID is a substring (either the last 8 or 16 hex chars) of the Key
Fingerprint (which is 40 hex chars). The Key ID is used nowhere in the
internals of the OpenPGP specification, from what
Hi folks.
On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
The real headache here is (as always) the practical - what to do with
existing keys and such. I suspect that removing SHA1 would
effectively mean a new key type for OpenPGP (again, not a disaster -
we're on our 4th key
On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
I understood him to mean the key ID as the fingerprint of the
certificate's primary signing key, rather than checking each bit of the
certificate's primary signing key individually.
I meant the fingerprint, yes.
But
Hi folks.
On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
The real headache here is (as always) the practical - what to do with
existing keys and such. I suspect that removing SHA1 would
effectively mean a new key type for OpenPGP (again, not a disaster -
we're on our 4th key
Hi Robert.
On Thu, 2009-09-10 at 10:54 -0400, Robert J. Hansen wrote:
Nope, it's pretty pervasive in the system.
I thought it (and SHA1 fingerprints) would only be used in designated
revoker signatures, and MDC?
The people behind OpenPGP are working on a new OpenPGP proposal that
will use
Philippe Cerfon wrote:
What specifically do you mean? Crypto-stuff in banking etc.?
Specifically? I don't have the time to list everywhere that will
break. SHA-1 is used in a ton of places, and often not places you'd
immediately expect. For instance, computer fuel injection timings are
Philippe Cerfon wrote:
But now that you say it. Would it be better to not just check other
keys via their fingerprint, but to really copy them (e.g. per
USB-stick) from their owners and sign only such direct copies?
No.
Sharing media is a great way to spread malware. Don't do that to your
On Fri, Sep 11, 2009 at 12:39 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
That's three examples of things that will unexpectedly break if SHA-1
falls. A complete laundry list would go for pages and pages and pages.
I'd suggest reading comp.risks; they might have something on point.
Henk M. de Bruijn wrote:
Allen Schultz schreef:
Henk M. de Bruijn wrote:
I checked but even after setting off the option to install GPA. The
relevant files are still installed and when closing the preference menu
a menu keeps on popping up about GPA and the passphrase.
I don't know which
On 09/10/2009 06:32 PM, Christoph Anton Mitterer wrote:
3) One problem with such devices is,.. that one can never know (well at
least normal folks like me) how good they actually are.
If this company would be evil (subsidiary of NSA or so) they could just
sell bad devices that produce poor
On Fri, 2009-09-11 Christoph Anton Mitterer wrote:
. . .
sell bad devices that produce poor entropy thus rendering
our (symmetric and asymmetric) keys, signatures etc. useless.
. . .
Just out of curiousity, about how poor entropy might make
it easy to break encryption: Is it necessary for
On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
Hi folks.
On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
The real headache here is (as always) the practical - what to do with
existing keys and such. I suspect that removing SHA1 would
effectively mean a new key type for
On Sep 10, 2009, at 8:38 PM, Daniel Kahn Gillmor wrote:
On 09/10/2009 06:32 PM, Christoph Anton Mitterer wrote:
3) One problem with such devices is,.. that one can never know
(well at
least normal folks like me) how good they actually are.
If this company would be evil (subsidiary of NSA or
On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:
The people behind OpenPGP are working on a new OpenPGP proposal that
will use a stronger, better hash algorithm.
Have workings on an 4880 successor already started?
No, at this point things are mainly being proposed as *additions*
On 09/10/2009 10:23 PM, David Shaw wrote:
Could is a very powerful word. At some point, people have to buy and
run the closed-source hardware they need to run their open-source
software on :)
Agreed! I was just pointing out that the lack of true entropy might not
be as obvious as the
On Sep 10, 2009, at 5:44 PM, Philippe Cerfon wrote:
On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen r...@sixdemonbag.org
wrote:
I understood him to mean the key ID as the fingerprint of the
certificate's primary signing key, rather than checking each bit of
the
certificate's primary
43 matches
Mail list logo
