Hello Will,
somewhat off-topic, but..
On 04.04.2017 01:18, Will Senn wrote:
> If this has been addressed recently, my apologies, I couldn't find a
> search interface for gnupg-users...
You can use a google query like this:
"site:https://lists.gnupg.org/pipermail/gnupg-users/ "
This restricts t
On 4/3/17 11:48 PM, Doug Barton wrote:
> On 04/03/2017 08:33 PM, Will Senn wrote:
>> I didn't ask if I should get one. I asked if there were resources to
>> help a newb make decisions regarding them. While I sense a certain
>> disdain in your response, I'll make some clarifying comments in the hop
On 04/03/2017 08:33 PM, Will Senn wrote:
I didn't ask if I should get one. I asked if there were resources to
help a newb make decisions regarding them. While I sense a certain
disdain in your response, I'll make some clarifying comments in the hope
that its worth the effort...
Robert's answer
On 4/3/17 9:27 PM, Robert J. Hansen wrote:
>> What do you mean by "will be better served by avoiding them"? What's the
>> reservation?
> Imagine we're in a restaurant and you ask me, "Should I order the
> pizza?" Well, beats heck out of me. I don't know you from Adam, I
> don't know your persona
If you ask me... people don't want to learn anything, they are happy being
ignorant and clueless about security.
Sent from my android device.
-Original Message-
From: "Robert J. Hansen"
To: gnupg-users@gnupg.org
Sent: Mon, 03 Apr 2017 20:39
Subject: Re: Smart card
> Are smartcards o
> What do you mean by "will be better served by avoiding them"? What's the
> reservation?
Imagine we're in a restaurant and you ask me, "Should I order the
pizza?" Well, beats heck out of me. I don't know you from Adam, I
don't know your personal tastes, I don't even know if you're hungry. So
I
On 4/3/17 8:37 PM, Robert J. Hansen wrote:
>> Are smartcards out of vogue? If not, can you suggest resources that will
>> help a newb make decisions regarding them?
> Smartcards are not out of vogue for people who need them. Those who
> don't will be better served by avoiding them. Do you have a
On Sun, Apr 02, 2017 at 07:12:38PM -0400, Robert J. Hansen wrote:
> > 2. Enumerating the possible signature of that certain message and
> > using the target's public key to verify if one of the signatures is
> > correct.
>
> I'm not sure what you mean here; that's not how signatures work.
> Signat
> Are smartcards out of vogue? If not, can you suggest resources that will
> help a newb make decisions regarding them?
Smartcards are not out of vogue for people who need them. Those who
don't will be better served by avoiding them. Do you have a need for
one? If so, the kernelconcepts card wo
> I believe the OP is asking whether it'd be easier to brute-force a
> signature than it is to brute-force a private key.
Unimaginably harder to brute-force a sig.
Since RSA is deterministic (at least, naïve RSA is), a sig is done on a
digest (of let's say size 256 bits) and there are 2**256 diff
In my PGP research, I have been looking for a smart card that supports
openpgp. I found the OpenPGP Card Version 2.1 over at kernelconcepts,
but I'm wondering if they are still operational. I also saw something
called a Yubi Key on Amazon. I found this howto that is pretty dated:
https://www.gnupg.
On 4/3/17 1:25 AM, Doug Barton wrote:
>
> > but
> > I'm not having much luck signing with subkeys, so I'm not convinced this
> > is worth the headache and increased complexity of key management.
>
> It's not really that hard to do, what kind of problems are you having?
> The instructions at https:
Hi!
Here is a plain text copy of Marcus' recent blog entry. The permanent
URL is: <https://gnupg.org/blog/20170403-a-new-bugtracker-for-gnupg.html>.
If you like to comment, please follow up on this mail.
_
201
Hello!
The GnuPG team is pleased to announce the availability of a new release
of GnuPG: version 2.1.20. See below for a list of new features and bug
fixes.
About GnuPG
=
The GNU Privacy Guard (GnuPG) is a complete and free implementation
of the OpenPGP standard which is commonly a
On 03/04/17 15:30, Doug Barton wrote:
> We really need to stop referring to this as signing.
I agree. But it might be too late.
I used it as a means of explaining what I meant with "Certify
capability". Next time I'll somehow work into my formulation that this
should be called certification, not
On 04/03/2017 04:20 AM, Peter Lebbing wrote:
On 02/04/17 21:00, Neal H. Walfield wrote:
In short, the main key acts as a level of indirection, which separates
your identity from your encryption/signing keys.
I'd like to extend this short description a bit :-). There is one
important somewhat-c
On 04/03/2017 04:16 AM, Peter Lebbing wrote:
On 03/04/17 08:25, Doug Barton wrote:
That said, as long as you have a suitable passphrase your risk of key
compromise is really, really minimal, even if they did get total control
over your device. Barring coercion, the chances of someone guessing yo
On 02/04/17 21:00, Neal H. Walfield wrote:
> In short, the main key acts as a level of indirection, which separates
> your identity from your encryption/signing keys.
I'd like to extend this short description a bit :-). There is one
important somewhat-caveat, which is that you can't delegate the C
On 03/04/17 08:25, Doug Barton wrote:
> That said, as long as you have a suitable passphrase your risk of key
> compromise is really, really minimal, even if they did get total control
> over your device. Barring coercion, the chances of someone guessing your
> passphrase is near zero. And currentl
Hi,
At Sun, 2 Apr 2017 18:23:14 -0500,
Will Senn wrote:
> but at the end of
> the day, I don't seem to be able to sign anything with the signing
> subkey if the master key is not present (with sec instead of sec#). Do
> you know how I get it to use the subkey (the manual says it will default
> to
20 matches
Mail list logo
