1300+ entries in 0.331s
nubbins`: so it would appear that casascius has stopped responding to requests for
PGP chains of custody
mircea_popescu: what'd be the use of
pgp if nobody had an 1.x branch package ?
PeterL: then does it need to be part of
pgp?
jurov: asciilifeform: how many webdevs or even W3C dudes ever thought about
pgp?
mircea_popescu: "hackers" my foot. do you know how many people that are "bitcoin traders" EVEN KNOW what
pgp is ?
mircea_popescu: looky. a gossipd based on the concept that you keep firewalled clients at home and they connect to a random pile of websites, which simply respond with
pgp -w text
mircea_popescu: whenever one in my wot wants to see what i'm up to he should connect to trilema, read "plain text" of the
pgp -w ilk above, that's it.
mircea_popescu: incidentally, re the eventual republican reimplementation of
pgp : other than the -a armored mode, i want it to also have a -w armored mode. in this mode, it should load a list of lines from a file, modulo the message by the line count of that file, replace every numeric unit with the respective line,
mircea_popescu: dumbest fucking idea. why THE FUCK would the transport layer be even aware of
pgp as opposed to plaintext.
assbot: Logged on 17-11-2015 22:38:39; ascii_field: (is a specially crafter derplinux pre-impregnated with tor, faux
pgp, etc)
ascii_field: (is a specially crafter derplinux pre-impregnated with tor, faux
pgp, etc)
☟︎ mircea_popescu: "
PGP is not as important as people think. As long as both parties use an encrypted email (and connect with a VPN, TOR, TAILS, whatever) you're fine. This is because if they get access to the webmail all information is decrypted either using automatic
PGP decryption (eg: Countermail) or locally on their computer (somewhere this information is going to be stored)."
mircea_popescu: kakobrekla oh i see, THERE it's about the version. if it were a different version than 3.1 it'd have been fine, because windows is usgtronics. MEANWHILE the problems with gpg-hijacked are really problems WITH
PGP.
assbot: Logged on 15-11-2015 03:20:51; mircea_popescu: the conclusion is remarkably not "
pgp 2.x is a scam"
mircea_popescu: "(Let's not get into the NSA's collect-it-all policy for encrypted messages. If the NSA is your adversary just forget about
PGP.)" << yeah, right. THAT is why i read their stuff and they don't read my stuff, because i take advice from john hopkins fucktards.
mircea_popescu: but "
pgp is bad" which was the entire point of the 2.x branch of "developlent" in the first fucking place.
pete_dushenski: this disinfo is at least as old as Alma Whitten and J. D. Tygar 1999. Why Johnny can’t encrypt: A usability evaluation of
PGP 5.0. if not older
phf:
http://arxiv.org/pdf/1510.08555.pdf "Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern
PGP Client". wtf is the point of these "studies"? "We elected to test Mailvelope, a modern
PGP tool, for our study. Mailvelope is a browser extension that integrates with users’ webmail systems." "Participants were allocated sixty minutes to com- plete the study, with about 35-40 minutes spent using Mail- velope."
pete_dushenski: general q : are there any documents or text floating about that were verifiably
pgp-signed by satoshi ? inquiring minds...
mircea_popescu: for someone who knows enough of
pgp to say "Besides, there’s no power in abolishing anonymity, the power is in giving everyone the pretense of anonymity while secretly retaining the
PGP keys to the kingdom."...
Krystyl: I think I need to look into this more because I have no idea what
pgp & gpg are........
mircea_popescu: basically you need a
pgp key (do you have one ?) and register it with assbot
assbot: Searching
pgp.mit.edu for key with fingerprint: A2E107958CF9F320EFB05297F5972074BD8D68DF. This may take a few moments.
assbot: No valid OpenPGP data found on
pgp.mit.edu.
assbot: Searching
pgp.mit.edu for key with fingerprint: A2E107958CF9F320EFB05297F5972074BD8D68DF. This may take a few moments.
gribble:
pgp was last seen in #bitcoin-assets 1 year, 37 weeks, 3 days, 21 hours, 31 minutes, and 8 seconds ago: <
pgp> wrong chan
pete_dushenski: but if monday rolls around and you find my
pgp sig on a mortgage and a !rate travispatron 10 bbf4lyf, i'm in a better place.
assbot: Searching
pgp.mit.edu for key with fingerprint: E465FB9F065F4BF966AF465407CC5D7C4A0208B8. This may take a few moments.
mircea_popescu: "In
PGP and GnuPG, the public-key cipher is probably the weaker of the pair. Fortunately, however, if an attacker could decrypt a session key it would only be useful for reading the one message encrypted with that session key. The attacker would have to start over and decrypt another session key in order to read any other message."
pete_dushenski:
http://log.bitcoin-assets.com//?date=13-10-2015#1298016 << update: adam_obrien and i played golf this afternoon and chatted about
pgp key-signing. in his excitement at discovering the command line tools, he tried out everything he could find (he's an enthusiastic kid!) and yes, signed my key. he was quite surprised to learn that this changed the key block on the sks etc servers.. fwiw
☝︎ pete_dushenski: actually, if i were goldman, i'd use 'symphony chat' for 'clean tawk' and
pgp for 'dirty tawk'.
mircea_popescu: phf notice that the gossipd thing was specced, the
pgp one has not.
mircea_popescu: there's also a bunch of large-ish stand-alone items, such as the gossipd (which might still be done by artifexd, haven;t heard from him for a while) and a proper redesign of
pgp ascii_field: now mircea_popescu, find a fast machine with hardware rng and run n = 21474837. then, shoot it into
pgp.mit.edu ...
ascii_field: (goes without saying, don't run on a box where
pgp is used for anything else. it will strain your rng to all hell)
pete_dushenski: off for a spell. will talk to o'brien this week. fuckin
pgp...
pete_dushenski: coincidentally to this bit of strange, i finally moved mr. o'brien off of 'apple mail' '
pgp'... last week.
pete_dushenski: can someone explain to me why
pgp public key blocks appear to differ while resulting in the same public key being imported ? are differenct hash algorithms being used ?
binaryatrocity: by signing a message with your
PGP key, thus linking hte accounts
mircea_popescu: <ascii_field> or, if american forgery, why not crank out a
pgp to sign with
ascii_field: or, if american forgery, why not crank out a
pgp to sign with
jurov: "popping your private key into your browser" IS NOT "the same vein as
pgp.mit.edu is used" !!!
binaryatrocity: Obviously popping your private key into your browser is asking for a bad-time, but in the same vein as
pgp.mit.edu is used, it's basically teh same functionality?
mircea_popescu: it's not like the distinction is in any way meaningful. it's pure bullshit, which is one of the major reasons the
pgp "standard" is so borken. there's no actual enforcing of the notions it then purports to expose to the verbal world.
mircea_popescu: that given the known weaknesses of the
pgp protocol as it is, the only responsible manner of using it is to include an index in every signed item, and to increment it by one every time you sign anything.
mircea_popescu: <phf> asciilifeform: why did you go with a separate keys folder instead of relying on existing pubring? << more calmly explained, because
pgp is marked for death. we're working deliberately towards replacing it.
ben_vulpes: punkman: so
pgp'd be the one i'm looking for?
ben_vulpes: re previous deed: i briefly went hunting for prehistoric gnupg or
pgp source recently. does anyone have copies?
assbot: Logged on 09-10-2015 01:56:06; asciilifeform: my original observation, though, stands - the time to stop thinking of
pgp 64bit fp as 'the man' is not when arbitrarily colliding sha1 costs a penny! it is now.
phf: oh hey i wrote a poc for
pgp filter at toorcon, when that other wifi mitm came out. no need to figure out what's where, just sit on the
http stream, catch text/*, grep it for gpg headers, and then rewrite on the fly
mircea_popescu: well so i got your email but apparently there;s still someting wrong because it's all garbled and what is this "-----BEGIN
PGP MESSAGE-----" stuff.