When gpg --recv-key ID is used with the line hkps://hkps.pool.sks-keyservers.net
enabled in dirmngr.conf, it fails with an error message saying dirmngr not
found.
The solution to this is to add the empty file ~/.gnupg/dirmngr_ldapservers.conf
Shouldn't this be added automatically to avoid this
On 23.02.2017 at 20:09, ved...@nym.hush.com wrote:
> The Openpgp standards group is working on this.
Yes but who knows how many years it will take until a new standard is accepted...
>
> The link you give for the collision used 2 PDFs.
> Using a PDF is sort-of 'cheating', and does not
Today it was announced that SHA1 is now completely broken
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
A few weeks back it was mentioned that there is a new proposal for an openpgp
standard including a new algorithm for pgp fingerprints.
As this is currently not
On 17.02.2017 at 20:43, Kristian Fiskerstrand wrote:
> On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote:
>> On 02/17/2017 07:00 PM, si...@web.de wrote:
>>> keyserver hkps://jirk5u4osbsr34t5.onion
>>> keyserver hkps://keys.gnupg.net
>>>
>>> would solve this I guess.
>>
>> No, that'd result in
On 17.02.2017 at 17:31, Kristian Fiskerstrand wrote:
> On 02/17/2017 01:37 PM, si...@web.de wrote:
>> Is there something I missed or is this unintended?
>
> gnupg does not ship an installed dirmngr.conf, when no keyserver is
> specified it defaults to hkps://hkps.pool.sks-keyservers.net, the
>
Some time ago I asked about the unencrypted download of public keys.
The answer was that the current gnupg does use https by default to fetch the
keys.
I found the time to retest this on a new setup and found that gnupg 2.1.18
still uses http connections to fetch the keys.
I used a newly
On 04.02.2017 at 23:27, Daniel Kahn Gillmor wrote:
> On Sat 2017-02-04 15:14:50 -0500, sivmu wrote:
>> I suppose this config did not change after upgrading from 2.1.17.
>> Just tested it on 2.1.18 using arch and it still uses http on my setup.
>
> it's not a config chan
On 04.02.2017 at 08:18, Daniel Kahn Gillmor wrote:
> On Sat 2017-02-04 01:33:56 -0500, sivmu wrote:
>> When using --recv-key or the gpa frontend, I noticed that the
>> target public keys are still downloaded using unencrypted http. While the
>> transmitted informatio
When using --recv-key or the gpa frontend, I noticed that the
target public keys are still downloaded using unencrypted http. While the
transmitted information is generally public, it does make things pretty
easy for an adversary to collect metadata such as your contacts.
This is especially
On 30.01.2017 at 18:22, Werner Koch wrote:
> On Mon, 30 Jan 2017 11:56, w...@gnupg.org said:
>
>> I am working on that. But please give me a few days. I want to align
>
> Time warp: All servers updated. Sslabs rating is now A+ (respective A
> for those without HSTS). The used pound
I have been wondering for a while about the use of sha1 in pgp fingerprints.
Although sha1 may not be easily broken in practice, there are
theoretical collision attacks that are feasible for well funded
organisations.
Cryptographers, like Bruce Schneier, have been recommending for years to
On 25.01.2017 at 23:00, Robert J. Hansen wrote:
>> The main problem would be its 64-bit block size. Apparently there's a
>> "practical" attack against 64-bit ciphers as used in TLS [1].
>
> Quoting from the abstract: "In our proof-of-concept demos, the attacker
> needs to capture about 785GB
On 25.01.2017 at 22:25, Damien Goutte-Gattat wrote:
> On 01/25/2017 02:41 PM, Robert J. Hansen wrote:
>> For that matter, I'm still in the dark as to what the big problem with
>> three-key 3DES is. The best attack against it requires more RAM than
>> exists in the entire world and only reduces
On 25.01.2017 at 12:14, Peter Lebbing wrote:
> On 25/01/17 09:52, Werner Koch wrote:
>> OCSP is used as an alternative to CRLs and not directly related to
>> privacy.
>
> The OP might have meant "OCSP Stapling" which includes the OCSP data in
> the data sent by the webserver during TLS session
Hi,
not sure this is the perfect place, but I wanted to point out that the
gnupg.org website still uses sha1 as a mac.
If I am not mistaken, several common browsers have announced to display
warnings for this kind of tls connection, so it might be a good idea to
update the server at the next
On 18.12.2016 at 10:49, Peter Lebbing wrote:
> On 18/12/16 01:56, Robert J. Hansen wrote:
>> Nope. OpenPGP requires each RSA encryption add at least eight random
>> bytes to the data pre-encryption in order to make even identical
>> messages encrypt to different ciphertexts.
>
> However, this
On 19.12.2016 at 02:20, Jan Kundrát wrote:
> Hi,
> we're using gpgme's C++ bindings in Trojita [1], an IMAP e-mail client.
> After an update of gnupg from 2.1.15 to 2.1.16, gpg-agent appears to
> need more than 10s to initialize itself during startup -- or at least
> our very first
On 18.12.2016 at 01:30, Andrew Gallagher wrote:
>
>> On 18 Dec 2016, at 00:17, sivmu <si...@web.de> wrote:
>>
>> ... that this means RSA encryption is reproducible, meaning encrypted
>> files of the same plaintext result in the same ciphertext, as this woul
On 16.12.2016 at 13:36, Andrew Gallagher wrote:
> On 16/12/16 02:30, sivmu wrote:
>> If the token does the encryption (and signing) operations,
>
> Smartcards perform signing and DEcryption (which in the case of RSA are
> mathematically identical).
>
>> it needs r
On 15.12.2016 at 22:17, Damien Goutte-Gattat wrote:
> On 12/15/2016 08:35 PM, sivmu wrote:
>> From what I understand, a malicious token can e.g. perform encryption
>> operations with weak randomness to create some kind of backdoor that is
>> hard to detect.
>
> The
On 15.12.2016 at 02:35, NIIBE Yutaka wrote:
> sivmu <si...@web.de> wrote:
>> One question remaining is what is the difference between the openpgp
>> smartcard and the USB based tokens.
>
> I think that the OpenPGP card (the physical smartcard) is included in
> Nit
the openpgp
smartcard and the USB based tokens.
Also how much would you trust those vendors and can the use of such
tokens actually decrease security?
Any advice would be welcome
Regards,
sivmu
22 matches