Re: (OT) mathematicians-discover-prime-conspiracy

On 2016-03-18 13:18, Peter Lebbing wrote: > Can someone point me in the direction of the solution to this > counterintuitive probability theory result? Any of a common name for the > property, a mathematical explanation or an intuitive explanation are > much appreciated! Any match of a pattern

Re: Using gpg for ssh access

When setting this up I missed the step of explicitly enabling ssh agent mode in gpg agent so it would listen for connections from ssh (and pretend to be the ssh agent) then I had to set the environment variable for the ssh socket to the gpg agent socket. After a short while this grew tedious and I

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

On 03/17/2016 01:00 PM, Kristian Fiskerstrand wrote: so if the server was to be compromised in some way ... ... the checksum (that you are downloading from the same server) becomes useless. Doug ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: (OT) mathematicians-discover-prime-conspiracy

> On 19 Mar 2016, at 15:34, Peter Lebbing wrote: > >> On 18/03/16 14:26, Andrew Gallagher wrote: >> Alternatively, we could consider how we treat the sequence history after >> a "success". Do we wipe the slate clean once we get ten heads and start >> over? Or if the

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

> > What is your threat model? FWIW, pre-image attacks on SHA-1 are not > even on the horizon. > Pre-image attack? - Fabian s ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: using master key from usb

On 03/19/2016 01:24 PM, Me Self wrote: I can use the master key with: gpg --homedir /media/myusb/gnupg ... Now I want to --sign-keys a key that is imported in the keyring on the harddrive. You can use the --keyring option to add your normal public keyring (containing the key you want to

EasyGnuPG

Hi, I am writting some shell scripts for making GnuPG more accessible and easier to use: - https://github.com/dashohoxha/egpg - http://dashohoxha.github.io/egpg/man/ - https://github.com/dashohoxha/egpg/wiki It is not finished yet (regarding the features that I have planned to implement), but

Re: Using gpg for ssh access

On 03/17/2016 07:32 AM, CANNON NATHANIEL CIOTA wrote: Can someone inform the correct procedure for using gpg to access ssh? If I may, I wrote two blog posts on this subject: * http://www.incenp.org/notes/2014/gnupg-for-ssh-authentication.html (for GnuPG 2.0) *

(slightly OT) SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

On 17/03/16 19:01, Daniel Villarreal wrote: > Clarifications and updates on APT + SHA1 > https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/ > "...note that SHA1 support is not dropped, we merely do not consider > it trustworthy." This page then continues: > This

Re: (OT) mathematicians-discover-prime-conspiracy

On 03/18/2016 05:18 AM, Peter Lebbing wrote: Can someone point me in the direction of the solution to this counterintuitive probability theory result? You already got good answers as to why this happens from Viktor and Andrew. You can illustrate them by adding TT to your analysis. Doug

Re: (OT) mathematicians-discover-prime-conspiracy

Thank you all for helpful responses, I understand where the difference comes from now! On 18/03/16 14:26, Andrew Gallagher wrote: > Alternatively, we could consider how we treat the sequence history after > a "success". Do we wipe the slate clean once we get ten heads and start > over? Or if the

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 03/17/2016 08:44 PM, Daniel Kahn Gillmor wrote: > FWIW, the threat model of digest algorithms being published on an > HTTPS website that then links to the file to be downloaded is much > easier to work around than by compromising SHA-1's

testing installation for the new modern version 2.1.11

Hi,  every one I have just installed gpg2 version 2.1.11 with some difficulties , and I managed to create new keys but I need to make sure that   it has been installed properly ,how can I run self test for all the components and programs  conforming this new version ,sorry for redundancy and

Re: (OT) mathematicians-discover-prime-conspiracy

On 19/03/16 08:31, Fulano Diego Perez wrote: > Doug Barton: >> You already got good answers /after/ as to why this happens Please, please, /please/ don't change any text you are quoting. This is not what Doug said, so it is not a quote, but really looks like one. Other than that, I have no idea

Re: How to silence gpg-agent?

On Tue, 15 Mar 2016 22:06, dashoho...@gmail.com said: > gpg: checking the trustdb > gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model > I believe that it comes from gpg-agent. I have tried to silence it, using > the option '--quiet', but it seems not to work. Any idea what else I

Re: using master key from usb

On Sat, Mar 19, 2016 at 1:24 PM, Me Self wrote: > Hi All > > What is the best way to use a master key from a backup usb? > > The whole ~/gnupg folder is backed up to the usb, and the master key has > been removed from the keyring on the harddrive. > > I can use the master key

using master key from usb

Hi All What is the best way to use a master key from a backup usb? The whole ~/gnupg folder is backed up to the usb, and the master key has been removed from the keyring on the harddrive. I can use the master key with: gpg --homedir /media/myusb/gnupg ... Now I want to --sign-keys a key that

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Friday 18 March 2016 at 2:45:28 PM, in , Daniel Kahn Gillmor wrote: > On any modern Windows installation (since Vista at > least, i think) there > is "certutil.exe" >

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

On Thu, 17 Mar 2016 19:01, youcanli...@gmail.com said: > Any idea when you'll replace the SHA-1 checksums at the following page? What is your threat model? FWIW, pre-image attacks on SHA-1 are not even on the horizon. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

On Thu 2016-03-17 15:34:08 -0400, Fabian Santiago wrote: >> >> What is your threat model? FWIW, pre-image attacks on SHA-1 are not >> even on the horizon. >> > > Pre-image attack? https://en.wikipedia.org/wiki/Preimage_attack FWIW, the threat model of digest algorithms being published on an

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

On Fri, 18 Mar 2016 08:21, w...@gnupg.org said: > I'll look at how we can improve the description on the web page. Actually the current text does not look too bad: If you are not able to use an old version of GnuPG, you can still verify the file's SHA-1 checksum. This is less secure,

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

On Fri, 18 Mar 2016 15:45, d...@fifthhorseman.net said: > On any modern Windows installation (since Vista at least, i think) there > is "certutil.exe" I know but I have also seen on the gpg4win mailing list that people have problems using it or any other tool. Also worse than checksums or real

Using gpg for ssh access

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Trying to figure out how to use GPG for accessing servers via ssh. I have a key with an authentication sub-key, and used gpgkey2ssh to convert that subkey to an ssh key then saved the output in .ssh/authorized_keys file. Still unable to connect.

Re: (OT) mathematicians-discover-prime-conspiracy

On 18/03/16 12:18, Peter Lebbing wrote: > > After over a million coin tosses, it takes 6 tosses on average until you > see two heads in a row, but only 4 to see head-tail. Obviously, the > script is attached. Supply the patterns on invocation, as shown above. > Any number of patterns of any

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

On Thu, 17 Mar 2016 20:44, d...@fifthhorseman.net said: > FWIW, the threat model of digest algorithms being published on an HTTPS > website that then links to the file to be downloaded is much easier to > work around than by compromising SHA-1's preimage resistance (or even I fully agree and I

Re: (OT) mathematicians-discover-prime-conspiracy

Doug Barton: > You already got good answers /after/ as to why this happens ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

Windows has certutil built-in. On Fri, Mar 18, 2016, 3:27 AM Werner Koch wrote: > On Thu, 17 Mar 2016 20:44, d...@fifthhorseman.net said: > > > FWIW, the threat model of digest algorithms being published on an HTTPS > > website that then links to the file to be downloaded is