Noiano wrote:
> to choose and why. Is it one more secure than the other? I don't think
> so but I think there are some difference that make one algorithm
> suitable for some uses than the other.
There was a lengthy discussion on this list about the differences between
RSA and DSA a few weeks ago.
> Ultimately, you trust _someone_. Which is precisely the point I made:
> trust underlies everything. Without that fundamental trust, there's no
> point talking about authenticity.
If that someone is yourself, do you still call it trust?
Some things about myself I only trust, such as my memory
Allen Schultz wrote:
> Is there a comprehensive list of hashes used in encryption that can
> help me choose which is the best to use?
I'm sure there is, but such a list would not do you much good. The
application you use probably only supports a few. Some are old and
insecure, and should not be us
> If I had good reason to believe Google was up to something nefarious,
> there is nothing in heaven or earth that would cause me to say "yes,
> that site is authentic."
The point of certificates is for you to be able to verify that you are on
the site you think you are, and not a fake one. If you
> Well, except that your attack isn't a birthday attack.
>
> A birthday attack involves making a ton of different messages and
> checking _all_ messages created to find _any_ collision.
>
> Your attack involves taking one particular message and creating
> permutations of it, one after another, look
Robert J. Hansen wrote:
> Because there is no such thing as an 'insignificant' amount of
> resources. Everything has a price associated with it. The trick is to
> get the most bang for your buck.
Well I guess what's insignificant to one person might not be to another. I
know some spammers get ad
Robert J. Hansen wrote:
> Doing a birthday attack is highly nontrivial. E.g., to do a birthday
> attack on SHA256 requires a minimum, a _minimum_, of over 10**17 joules
> to be liberated as heat. That's about as much as you'd get from an
> entire full-out strategic nuclear exchange between the US
"Robert J. Hansen" wrote:
> This is not my experience. I've received spam addressed to my amateur
> radio call sign (KC0SJE) at a domain that's not directly associated with
> me. I don't know how it was discovered, but for right now I'm leaning
> towards the hypothesis that spammers have made pa
That was a very good explanation of what a hash firewall and a
second-preimage attack are. But I think it gives the impression that all
the hash firewall is good for is protecting against a second-preimage
attack, and therefore is of little importance, since a successful
second-preimage attack on S
Robert J. Hansen wrote:
> In the battle between armor and warhead, _always_ bet on the warhead.
>
> Playing defensively and trying to make an email address invisible is
> going to be an exercise in frustration. They always get seen. They
> always get spammed. Play defensively and you lose.
Well
Thanks again for all your answers, I'm really interested in this kind of
stuff.
Robert J. Hansen wrote (regarding "DSA2" keys):
> The latest versions of PGP support them.
That's good news. Can it also create them? But there are probably still
many using older versions. I know some who refuse to
Robert J. Hansen wrote:
> 2. Why do you need an RSA keypair? The overwhelming majority of users
>are best served by sticking with the defaults--which, in this case,
>means a DSA/Elgamal keypair.
I prefer RSA keys because
- DSA does not have a hash firewall.
- They don't have a 1024 bit
I'm about to generate a new keypair, and got a few questions.
I have many e-mail addresses and change them frequently, and therefore I
don't want to have one in my public key. (Also because I'm afraid of
getting spam.) I think this would be easier than having to update a lot of
user IDs. Are there
>> Why are the keys in pubring.gpg in the order in witch they were
>> imported?
>
> pubring.gpg is an internal data structure of gpg and only to be used
> by gpg. If you want to export import stuff, you need to use the gpg
> commands --import or --export.
Yes, I know how to import and export keys
Why are the keys in pubring.gpg in the order in witch they were imported?
Is this not considered a security risk? Would it not be safer and more
convenient to have the keys sorted by user ID or key ID?
I deleted all files in my .gnupg directory, and then imported a public
key. Then I exported the
Hello,
I'd like to export all public keys in my keyring to seperate ASCII-armored
files, using the name from the user ID as the filname, and adding ".asc"
as the extension. If a key has multiple user IDs, then the name from the
newest one should be used. Is there a shell script that can do this?
"Gabriele Alberti" <[EMAIL PROTECTED]> wrote:
> Keeping in mind my password can be composed with all 95 writeable ascii
> chars,
> using for example a 15 chars password gives me a "password space" of
> 95^15,
> that is 463291230159753366058349609375 passwords..*much* smaller than the
> 256
> bit
[EMAIL PROTECTED] wrote:
> Well, my first "attempt to repair" would be to "open" the Key with the
> Edit function in GPGshell and re-set the prefs (even if you keep them
> the same) and then use the "save" Command. Whenever one "tinkers" with
> their Key a new self-signature is generated showing
"Alphax" <[EMAIL PROTECTED]> wrote:
> If that doesn't work, gpg --sign 0x75AC881F ...
Re-signing the key was the first thing that came to my mind when I saw the
"this may be caused by a missing self-signature" message, but it doesn't
help (see below). As you can see, deleting the self-signature a
Hello,
I've got an old keypair, generated in 2003 with the current PGP version at
that time. When I import the secret key, I get:
gpg: key 75AC881F: no valid user IDs
gpg: this may be caused by a missing self-signature
I'm able to get the key to work in gpg, but is there any way to fix it, so
th
gpg --import filename
Oskar
> Hi all,
>
> In my previous linux installation i exported my keys to privatekey.txt
> and publickey.txt files. After new installation i want to re-install
> (re-import) them.
>
> Which command should I use, or is there a way to re-import privatekey?
>
> THX
>
> __
Does anyone know why there still isn't a Debian package for version 1.4.2
of GnuPG? http://packages.debian.org/gnupg
Oskar
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[EMAIL PROTECTED] wrote:
> I don't know of any transparent keyboards off-hand (I can check our
> local computer store tomorrow, since they have one there).
Thanks!
> But, I will
> say this. There is a keylogger out that goes between the keyboard plug
> and the case.
There are several, see http
"Neil Williams" <[EMAIL PROTECTED]> wrote:
> What makes you think a keylogger goes 'inside' a keyboard? The cable
> connection is just as easy and an internal unit (on the inside of the
> socket on the box) even better.
I keep my case open, so I would notice that. There enough space for a
keylogg
Hi,
Can anyone recommend a transparent keyboard, or any kind of keyboard witch
makes it easy to check that a keylogger has not been installed inside
whilst you were away. I only found this one:
http://www.directron.com/kb603cl.html
Oskar
___
Gnupg-user
Unless it is possible to configure Excel not to update the time stamp,
then the only solution I can think of is to mark the file as "read-only".
Oskar
> I hate to admit that I still use MS-Excel rather than an open source
> spread sheet tool, but workplace requirements constrain my fate...
>
> An
> On Sat, Jul 23, 2005 at 03:33:53AM +0000, Oskar L. wrote:
>> > Red Hat and others use a filename of "MD5SUM", which is a clearsigned
>> > file containing the human readable MD5 hashes. I like your CHECKSUMS
>> > idea better since MD5 isn't
What differences are there between different keyservers? What should one
take in consideration when choosing witch keyserver to use?
Oskar
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
> Red Hat and others use a filename of "MD5SUM", which is a clearsigned
> file containing the human readable MD5 hashes. I like your CHECKSUMS
> idea better since MD5 isn't the way to go any longer.
>
> David
Naming a file containing hashes CHECKSUMS would not be a good idea, since
a hash is not
> > Sorry if this is a bit off topic. When you calculate the hashes (sha1)
for
> > several files, and save them in a singel file, then is there any standard
> > witch states or suggests what this file should be called?
>
> Not that I know of. The format used by sha1sum is probably the best
> suite
http://www.euronews.net/create_html.php?page=detail_europa&lng=1&option=0,europa
Patenting software in EU remains divisive - EP kills directive on harmonising
Using its muscle like never before, the European Parliament has thrown out
a controversial bill to harmonise patents on software. This was
Sorry if this is a bit off topic. When you calculate the hashes (sha1) for
several files, and save them in a singel file, then is there any standard
witch states or suggests what this file should be called?
Oskar
___
Gnupg-users mailing list
Gnupg-users
[EMAIL PROTECTED] wrote:
> I thought that there *is* a win 32 version of 1.4.2 somewhere
>
> Am I wrong ?
>
> Thanks
>
> Subu
Version 1.4.2 has not been released yet, but a release candidate for it
has. There is no official Windows binary for the release candidate, but
since the source code is av
Hi,
I export a public key in binary format and open it in a hex editor. Is
there any documentation explaining what I see? Like if there are any
particular bits that begins and ends user ids, signatures etc.
Oskar
___
Gnupg-users mailing list
Gnupg-user
"Martin Geisler" <[EMAIL PROTECTED]> wrote:
> When you have 64 different possibilities, all of equal likelyhood,
> then you can code them using 6 bit. This is what the entropy tells
> you.
>
> The fact that A in the 7-bit ASCII standard is 0101 is just a
> coincedence --- they could just as we
Hi,
If I'm not misinformed the passphrase can be encoded using different
character sets. Can I in gpg change witch one is used, or does it depend
on witch operating system I use? How does it affect the way you calculate
entropy if a character is encoded using 16 or 24 bits (as some characters
are
Hi,
Using the release candidate for version 1.4.2, I imported my public and
secret key, and just like with version 1.4.1 I got double self-signatures
on it. I then deleted the first one, exported both keys, deleted my
keyring, imported the keys, and the double self-signatures were still
there. I t
"Per Tunedal Casual" <[EMAIL PROTECTED]> wrote:
> Hi,
> I want to sign keys with signatures having a limited life time. Can I set
> an expiration date when I sign a key?
>
> I often get a question if I want my signature to expire when the key
> expires, so far so good. I want to set a date of my o
"Roscoe" <[EMAIL PROTECTED]> wrote:
> Lets say there are about 10 words in your dictionary. Lets also
> say there are about 100 different characters on your keyboard.
>
> Now for password of random characters we would need:
> log(340282366920938463463374607431768211456)/log(100) 20 chars.
>
>
"=k3Rn=" <[EMAIL PROTECTED]> wrote:
> What is the real advantage of a smartcard? I have stored my
> secret-keyring on an usb-stick at the moment. How could i improve
> security further more? I am just reading about encrypting the filesystem
> on the stick using 'truecrypt' - is that a good idea
"David Shaw" <[EMAIL PROTECTED]> wrote:
> No, it's the other way around. The public key can be created from the
> secret key. What you are seeing with the second self-signature is a
> historical oddity. In the past, keys were generated with two
> different self-signatures - one on the secret key
Werner wrote:
> When importing a secret key into a keyring without a public key, a
> public key is created from the secret key. Due to historic reasons
> the self-signature on the secret key is a different one than the one
> created with the public key. How when importing the public key a new
> s
Hello, I'm new on this list. Can anyone tell me why I get a second
self-signature when I do this:
[EMAIL PROTECTED]:~$ gpg --list-sigs
/home/oskar/.gnupg/pubring.gpg
--
pub 1024D/7EE6D97F 2005-05-18
uid foobar <[EMAIL PROTECTED]>
sig 37EE6D97F
43 matches
Mail list logo
