900+ entries in 0.279s
anond: 1º line: "-----BEGIN
PGP PUBLIC KEY BLOCK-----"
anond: the header is "-----BEGIN
PGP PUBLIC KEY BLOCK-----"
mod6: does it say something like "
PGP PUBLIC KEY" at the top?
Framedragger: i mean personally, to be able to exchange
pgp-signed sha512 hashes would make me super happy already - maybe premature ejaculation, yes, but it'd be a *useful facility*.
adlai: covertress: you've evidently passed the "register
PGP key and operate it" barrier, but you're failing the "not annoy people" barrier. you're not the first person to do this, and won't be the last. I suggest you NOT take this personally, figure out why you're failing this test, and... better luck next time.
Framedragger: look at that one person knows to actually include human readable timestamp into the inside of a
pgp signed message which deals with timing-sensitive info!!!
alice_: -----BEGIN
PGP PUBLIC KEY BLOCK----- Version: Keybase OpenPGP v2.0.55 Comment:
https://keybase.io/crypto xsFNBFevnesBEAC90aLfcq+wrWVKGcQWUd+NmB/0kK7OONd0Tg2OUgfHE2RtZSzG mqgsiAmyPsz+R6B3VwkMd3pBiuAZ8IN/jf0px+iikmo0vvWemsnVTUM0mtyoFecy /qyj1+mwjLrzR7UMDP8789JBwxecY+1fS6k4BQio3gGvmqzGr76sAjTZlIbkPs80 Nr502+QhvfOSjnjFTfQkXrzjrssjJp+jEH0OdkC/UT7H0lCWy957UPklwXlEPnu/ KQbcDoV2HWSEG0hW3Ig7+4qC03Bp0W9Z9lRTYZVIbTnDLJ+z4/J1fMu1EnmZkEKQ aH0SCtgI
phf: come to think of it sybil is not the right word in this case, on application level there's no psuedonymity and you only talk to people in wot. on transport level an attacker can construct a valid looking (struct layout wise)
pgp packet, which in my naive spec implementation is handed over to gnupg. now you have a bunch of potential attack vectors here, but assuming there's no memory attacks in gnupg, race conditions in gpgme,
mircea_popescu: "come see what zimmerman thinks about encryption - a guy who admits to losing his
pgp key sometime in the 90s and doesn't see the problem with this"
a111: Logged on 2016-08-17 16:20 mircea_popescu: "I doubt this will ever happen. Even he never cracked any
PGP keys at all, the FUD he spread around was a nice way to get some free advertising. Look, people saying his name on gnupg and enigmail lists, which are quite popular I believe."
mod6: "the
PGP team at Symantec" << lel!
Framedragger: asciilifeform: apologies if i am mistaken here, but iirc phuctor was reported to have cracked some
pgp keys when at that point in time none of the keys cracked had valid self-sigs. the presentation from tmsr (trilema/phuctor) to me appeared to have overstated the results, so to speak. (but then later subkeys with valid selfsigs were found, iirc). this isn't a technical point, i suppose.
mircea_popescu: "I doubt this will ever happen. Even he never cracked any
PGP keys at all, the FUD he spread around was a nice way to get some free advertising. Look, people saying his name on gnupg and enigmail lists, which are quite popular I believe."
☟︎ Framedragger: ("random js
pgp crap" does not belong in the "(semi)sane software for dealing with openpgp" set)
mats: "BURCHARD used a program called GPG4USB, which automatically used Burchard's Pretty Good Privacy (
PGP) private key to decrypt messages sent to him from customers."
mircea_popescu: you may think you see whatever ; for all you know some guy "sees" the true meaning of
pgp signatures.
mircea_popescu: it has no fucking knobs. one step above
pgp'ing in a browser.
mircea_popescu: sedition consider registering your
pgp key with deedbot.
mod6: i guess to me, that meant clearsigning a
pgp signed message. guess i didn't try that.
shinohai: so buttfinex hacker told me he doesnt have a
pgp key -_-
phf: asciilifeform: it's an attack against a
pgp key consumer with a specially broken viewer. userid in this case tries very hard to account for specific set of circumstances (i'm seeing 4 vectors so far), and we're only matching for one, specifically fact that ben_vulpes doesn't sanitize his html.
_FeltPen: actually I mispoke. I meant BTC assets wiki (referred to wrong tab). Anyway, I'm having to refresh my memory on
pgp and wot etc. I forgot how good it is.
mircea_popescu: shinohai i'll take your word for it, srs. dun need screenshots in ma
pgp mircea_popescu: do consider making a
pgp key and registering it with deedbot
pete_dushenski: m your work email, and require a scan of either your passport or driver’s license. And you will comply." << y u no
pgp rita ?
a111: Logged on 2016-07-17 16:50 asciilifeform: Framedragger:
pgp. drop the 'I'.
Framedragger: asciilifeform: actually with
pgp you'll just end up trusting your much dreaded aes256 since openpgp will do the whole 'session' thing as you know
Joshua-I: What's the opinion on
pgp smart cards / yubikey around here
phf: well, there's a hack in comment.php, that wraps
PGP messages in <code> and that gets somehow rendered differently
a111: Logged on 2016-06-28 10:05 Framedragger: asciilifeform: but have you considered that there are fewer implementations for ssh (and the better part of the ssh servers in the wild run openssh), and more implementations for all kinds of broken
pgp? so it may simply be less likely to spot a badly generated ssh key.
Framedragger: asciilifeform: but have you considered that there are fewer implementations for ssh (and the better part of the ssh servers in the wild run openssh), and more implementations for all kinds of broken
pgp? so it may simply be less likely to spot a badly generated ssh key.
☟︎ mircea_popescu: an' seriously look into getting a
pgp key an' join the crowd. lotta cool stuff going on here, most of which entirely unrelated to your chosen profession.
mircea_popescu: incidentally, do you have a
pgp sig ? you can just register it here and self-voice
a111: Logged on 2016-06-16 15:41 asciilifeform: this incidentally is why phuctor had been a depressing thing for me. the thing i set out to find, i never found (evidence of diddled rng on
pgp users' boxes.)