On 26-07-2012 5:56, Ben McGinnes wrote:
On 26/07/12 6:40 PM, Robert J. Hansen wrote:
...
For instance, I don't like Serpent very much on account of how
complex it is. My rule of thumb is, if I don't believe an
undergraduate in computer
On 26-07-2012 8:43, Heinz Diehl wrote:
On 26.07.2012, Faramir wrote:
That's security through obscurity assuming the other one won't
know where to search for the key, which is not stored with
...
Not right, if your secret key is protected by
On 23/07/12 6:52 AM, Robert J. Hansen wrote:
Cryptography is a subtle art, and algorithms interact with each
other in deeply surprising and counterintuitive ways. Before
advocating that algorithms be composed together to achieve certain
On 7/26/2012 4:05 AM, Ben McGinnes wrote:
On a semi-related tangent, does this mean that utilising the three
symmetric ciphers available in TrueCrypt (AES, Serpent and Twofish)
is a bad idea or do they play well together?
My understanding is they at least tolerate each other, but I'm unaware
On 26/07/12 6:40 PM, Robert J. Hansen wrote:
On 7/26/2012 4:05 AM, Ben McGinnes wrote:
On a semi-related tangent, does this mean that utilising the
three symmetric ciphers available in TrueCrypt (AES, Serpent and
Twofish) is a bad idea or do
On 26.07.2012, Ben McGinnes wrote:
Also, if you had to pick one of those three, which would you choose
(for general purposes rather than a specific threat model and ignoring
the possible speed differences between AES and Serpent)?
As far as I know, none of those three is broken. So if
On 26.07.2012, Faramir wrote:
That's security through obscurity assuming the other one
won't know where to search for the key, which is not stored with
the right extension or in the most common place.
Not right, if your secret key is protected by a passphrase (or
strong password), it
On 7/26/2012 5:56 AM, Ben McGinnes wrote:
Interesting. Most of the things I've read on Serpent, which
admittedly isn't much, is about how it was not accepted for AES
because of the speed aspects rather than other aspects and that it
may be more secure.
Yeah, well -- this tends to get
On 25.07.2012, Faramir wrote:
Clearly I'm out of my league there. I had heard about that, but
later I also heard about stacking different algos (with different
keys of course) to increase security.
What's the model of threat in your case, actually? Usually, the crypto
algorithm isn't the
On Wed, Jul 25, 2012, at 03:23, Faramir wrote:
On 22-07-2012 19:39, antispa...@sent.at wrote:
On Sun, Jul 22, 2012, at 16:25, Doug Barton wrote:
...
Your private key is encrypted, right? Use a strong password for
that and you're in fine shape.
Yes, security through obscurity. A
Hello. I use both too, but I do so mainly due to the convenience it
provides without apparently introducing additional weakness to my system. I
put the key names, not the actual code with the keys themselves, into the
Keepass database so that I can have handy access to the passwords for them.
On 07/25/2012 05:29, antispa...@sent.at wrote:
I keep the key on the same physical drive as the encrypted document.
That's security through obscurity assuming the other one won't know
where to search for the key, which is not stored with the right
extension or in the most common place.
I'm
On 25-07-2012 1:12, Robert J. Hansen wrote:
On 7/24/2012 10:21 PM, Faramir wrote:
Clearly I'm out of my league there. I had heard about that, but
later I also heard about stacking different algos (with different
keys of course) to increase
On 25-07-2012 2:50, Heinz Diehl wrote:
On 25.07.2012, Faramir wrote:
Clearly I'm out of my league there. I had heard about that, but
later I also heard about stacking different algos (with different
keys of course) to increase security.
On 25-07-2012 8:29, antispa...@sent.at wrote:
On Wed, Jul 25, 2012, at 03:23, Faramir wrote:
...
Yes, security through obscurity. A possible attacker won't know
for
...
I don't know why you say security through obscurity. Private
keys
On 07/25/2012 17:54, Faramir wrote:
I find the question interesting, because maybe, some day, I might
think about storing one encrypted thing inside another encrypted
thing.
There's no *harm* in doing that (absent potential outliers), and there
On 22-07-2012 16:52, Robert J. Hansen wrote:
On 7/22/2012 12:12 PM, Faramir wrote:
If your secret key is password protected, placing it inside a
keepass file would add a second (maybe unneeded) layer of
protection, and you can choose a
On 7/24/2012 10:21 PM, Faramir wrote:
Clearly I'm out of my league there. I had heard about that, but later
I also heard about stacking different algos (with different keys of
course) to increase security.
I'm unaware of any reputable reference that recommends this practice.
That's not to say
On 23-07-2012 3:16, Robert J. Hansen wrote:
Far more likely is a situation where you just don't meet your goals.
For instance, if you encrypt data once with a DES key and then encrypt
it again with a different DES key, you might think this would be 'two
layers' of crypto. In reality, there
On 7/23/2012 3:19 AM, Johan Wevers wrote:
That would be true if DES was a group, which it is not. That's why 3DES
is more secure than single DES.
D'oh. I don't know offhand which cipher I was thinking of (it's 3:30am
and I'm about to hit the sack), but you're right, clearly I could not be
On Sun, Jul 22, 2012, at 21:16, Robert J. Hansen wrote:
The real concern here isn't making the overall system weaker: it's
fooling yourself into thinking you've made the system stronger, when in
reality you probably haven't.
I don't want to make it really stronger. Just less usable for the
A different method I'd like to throw in for consideration is using a very strong
random password generated by KeePass as the password to unlock your OpenPGP
private key.
A password with a lot of randomness is comparable to a symmetric encryption
key when fed to GnuPG. GnuPG will still throw in
On Mon, Jul 23, 2012, at 16:25, Peter Lebbing wrote:
A different method I'd like to throw in for consideration is using a very
strong random password generated by KeePass as the password to unlock your
OpenPGP private key.
Yes, that sounds a lot better than what I had in mind. It's also a
On 20-07-2012 11:51, antispa...@sent.at wrote:
I don't know much about security and cryptography. So what do you
think about this combination? Is it any safer or is just a waste of
time with the conversion to ASCII and back?
If your secret
On 7/22/2012 12:12 PM, Faramir wrote:
If your secret key is password protected, placing it inside a keepass
file would add a second (maybe unneeded) layer of protection, and you
can choose a different encryption algorithm than GnuPG uses, so if one
algo gets broken, the other would hold.
Not
On Sat, Jul 21, 2012, at 18:46, Doug Barton wrote:
On 07/21/2012 16:26, antispa...@sent.at wrote:
Hmm… that's an excellent question. I never formulated it this way. I
guess computer theft. The other possible scenarios are far less
probable.
Still doesn't answer the question. :) What bad
On 07/22/2012 14:51, antispa...@sent.at wrote:
On Sat, Jul 21, 2012, at 18:46, Doug Barton wrote:
On 07/21/2012 16:26, antispa...@sent.at wrote:
Hmm… that's an excellent question. I never formulated it this way. I
guess computer theft. The other possible scenarios are far less
probable.
On Sun, Jul 22, 2012, at 16:25, Doug Barton wrote:
On 07/22/2012 14:51, antispa...@sent.at wrote:
Having a few private files opened with the key that resides on the same
hard drive unit, which I know is a no-no.
Your private key is encrypted, right? Use a strong password for that and
On 7/22/2012 7:22 PM, antispa...@sent.at wrote:
Very interesting. So having a keepass database or a gpg keychain on a
Truecrypt drive might make them both more vulnerable?
Might, sure, although for modern crypto it's quite unlikely.
Far more likely is a situation where you just don't meet your
Hi
On Friday 20 July 2012 at 4:51:38 PM, in
mid:1342799498.14477.140661104546589.6c120...@webmail.messagingengine.com,
antispa...@sent.at wrote:
I don't know much about security and cryptography. So
what do you think about this combination? Is
On Sat, Jul 21, 2012, at 17:29, MFPA wrote:
I don't know much about security and cryptography. So
what do you think about this combination? Is it any
safer or is just a waste of time with the conversion to
ASCII and back?
What combination? Give people a clue!
My fault. Keepass or
On 07/20/2012 08:51, antispa...@sent.at wrote:
I don't know much about security and cryptography. So what do you think
about this combination? Is it any safer or is just a waste of time with
the conversion to ASCII and back?
We can't answer this question intelligently because you haven't
On Sat, Jul 21, 2012, at 14:12, Doug Barton wrote:
On 07/20/2012 08:51, antispa...@sent.at wrote:
I don't know much about security and cryptography. So what do you think
about this combination? Is it any safer or is just a waste of time with
the conversion to ASCII and back?
We can't
On 07/21/2012 16:26, antispa...@sent.at wrote:
On Sat, Jul 21, 2012, at 14:12, Doug Barton wrote:
On 07/20/2012 08:51, antispa...@sent.at wrote:
I don't know much about security and cryptography. So what do you think
about this combination? Is it any safer or is just a waste of time with
the
I don't know much about security and cryptography. So what do you
think about this combination? Is it any safer or is just a waste
of time with the conversion to ASCII and back?
Cheers
___
Gnupg-users mailing list
Gnupg-users@gnupg.org