riseup.net OpenPGP Best Practices article
Hauke Laging
mailinglisten at hauke-laging.de
Thu Jun 26 22:35:40 CEST 2014
On Thu 26.06.2014, 16:06:25, Robert J. Hansen wrote:
> Since it's possible to degrade the cipher preference to 3DES,
> we need to assume that's exactly what will happen. (Your next
> objection is "How?". That's a non-sequitur right now. I believe
> serious adversaries can do this because (a) there's no mechanism to
> prevent them from doing it,
You mean except that you must be capable of forging a mainkey
signature (if you don't control the sending system anyway, in which case
you don't need the key any more)?

I would say that if you think it's OK to just assume that signing is
really broken, why not also just assume that encryption is really broken
(i.e. not offering those 112 bits by far)?

But I strongly support your main point. Whether anyone cares or not...
;-) I would like to put it (or one of the consequences) this way:
Educating users is much more important than changing default settings.

When I teach people I tell them that as a rule of thumb
10% of the overall security they get is provided by technology,
60% of it comes from their own knowledge,
and the last 30% comes from the discipline to really (not) do what you
know you should (not) do.
Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5