On 2020-07-07 at 18:05 -0500, Andrew Pennebaker via Gnupg-users wrote:
> Hello,
>
>
> I am seeing some strange behavior with gpg --decrypt . I had to
> lookup a password recently, and so naturally pressed Control+C to
> cancel the prompt. However, when gpg terminated, it did not fully
> cleanup
On 2020-07-08 at 23:24 +0200, Stefan Claas wrote:
> Ryan McGinnis via Gnupg-users wrote:
>
> > The thing is, if you can't remember a string of random words, are you
> > likely to remember a string 20 random letters, numbers,
> > and characters? Generally, if your non-randomly-generated
Ryan McGinnis via Gnupg-users wrote:
> The thing is, if you can't remember a string of random words, are you likely
> to remember a string 20 random letters, numbers,
> and characters? Generally, if your non-randomly-generated password is easy
> for you to remember, it's also easy for a
>
On 7/8/2020 at 3:49 PM, "Juergen Bruckner via Gnupg-users"
wrote:
>Basically, it has to be said that you should definitely have a
>backup of your key. And you have to be very careful with your SC or tokens.
>In principle it is almost the same as losing your credit card or
>passport etc.
The thing is, if you can't remember a string of random words, are you likely to
remember a string 20 random letters, numbers, and characters? Generally, if
your non-randomly-generated password is easy for you to remember, it's also
easy for a computer to guess. Diceware is the attempt to make
Hello Stefan,
despite my cooperation with the p≡p foundation, the lack of support for
smart cards and tokens is THE knockout criterion why I do not use
sequoia pgp.
It's a good question what to do if you lose your SC or token.
Basically, it has to be said that you should definitely have a backup
Ryan McGinnis via Gnupg-users wrote:
> Went to a security seminar where I asked a random FBI agent after a
> presentation about passwords; he said just to get into
> their personal terminals it was something like 17 characters minimum and that
> the passwords were randomly generated letters
>
> On 8 Jul 2020, at 20:17, Stefan Claas wrote:
>
> And regarding smard cards, what do people do when they are traveling
> and the smard card gets by accident broken or lost?
Multiple smart cards. If you quit rather than save after transferring your
subkeys to smart card, they remain on disk
Juergen Bruckner via Gnupg-users wrote:
> Well i think that's one more reason why you need a smart card or token
> like GnuPG-Card or Nitrokey (or a Yubikey for my sake).
Hi Juergen,
well the thing is I no longer use GnuPG and instead sequoia pgp, which
currently has no smard-card support
It pulls all of your keys from the keyserver, which will update their
expirations and get new signatures and revocations.
I do not believe it should _delete_ keys from your keyring. Just tell you if
the owner has revoked them.
>From the man page:
> --refresh-keys
> Request
Went to a security seminar where I asked a random FBI agent after a
presentation about passwords; he said just to get into their personal terminals
it was something like 17 characters minimum and that the passwords were
randomly generated letters and numbers and symbols and that they were
Well i think that's one more reason why you need a smart card or token
like GnuPG-Card or Nitrokey (or a Yubikey for my sake).
Regards
Juergen
Am 08.07.20 um 18:36 schrieb Stefan Claas:
> Ryan McGinnis via Gnupg-users wrote:
>
>> Six years ago Snowden said to assume the NSA can try roughly 1
Ryan McGinnis via Gnupg-users wrote:
> Six years ago Snowden said to assume the NSA can try roughly 1 Trillion
> passwords per second. I imagine it's significantly
> more by now.
Holy cow! That raises then probably one more question, i.e. the required
minimum length for a strong password
FreeBSD 11.4 / amd64
gpg (GnuPG) 2.2.20
libgcrypt 1.8.5
This is probably a stupid question, but precisely what is supposed
to happen after running "gpg2 --refresh-keys"?
This is the log file created from running the above command:
https://www.seibercom.net/logs/RefreshKeys.txt
If I run the
Six years ago Snowden said to assume the NSA can try roughly 1 Trillion
passwords per second. I imagine it's significantly more by now.
-Ryan McGinnis
http://www.bigstormpicture.com
Sent via ProtonMail
‐‐‐ Original Message ‐‐‐
On Wednesday, July 8, 2020 6:33 AM, Stefan Claas
Hello!
I have read the AutomaticEncryption wiki page
(https://wiki.gnupg.org/AutomatedEncryption).
To check for level 2 I need to know, if a key has a "wkd" source, but
a key in gpgme hasn't a source attribute.
How can I check with gpgme, that a key has a "wkd" source?
Kind Regards,
Ludwig
--
Andrew Gallagher wrote:
> Entropy checkers only provide an *estimate* of randomness, at best an upper
> bound. Once you know that someone has used a
> particular key expansion algorithm, the entropy estimate can go down
> dramatically. This is because randomness is a measure of
> ignorance,
Entropy checkers only provide an *estimate* of randomness, at best an upper
bound. Once you know that someone has used a particular key expansion
algorithm, the entropy estimate can go down dramatically. This is because
randomness is a measure of ignorance, and new information changes the
Ingo Klöcker wrote:
> On Dienstag, 7. Juli 2020 22:42:07 CEST Stefan Claas wrote:
> > Let's say you travel a lot and do not want to risk that your secret key
> > gets compromised due to border control etc.
> >
> > One simply uses the program passphrase2pgp, from GitHub[1] and when creating
> >
On Dienstag, 7. Juli 2020 22:42:07 CEST Stefan Claas wrote:
> Let's say you travel a lot and do not want to risk that your secret key
> gets compromised due to border control etc.
>
> One simply uses the program passphrase2pgp, from GitHub[1] and when creating
> the key and the passphrase is
20 matches
Mail list logo
