riseup.net OpenPGP Best Practices article

Hauke Laging mailinglisten at hauke-laging.de
Thu Jun 26 22:35:40 CEST 2014


On Thu 26.06.2014, 16:06:25, Robert J. Hansen wrote:

> Since it's possible to degrade the cipher preference to 3DES,
> we need to assume that's exactly what will happen.  (Your next
> objection is "How?". That's a non-sequitur right now.  I believe
> serious adversaries can do this because (a) there's no mechanism to
> prevent them from doing it,

You mean except for that you must be capable of forging a mainkey 
signature (if you don't control the sending system anyway in which case 
you don't need the key any more)?

I would say that if you think it's OK to just assume that signing is 
really broken why not also just assume that encryption is really broken 
(i.e. not offering those 112 bit by far)?

But I strongly support your main point. Whether anyone cares or not... 
;-)  I would like to put it (or one of the consequences) this way: 
Educating users is much more important than changing default settings. 

When I teach people I tell them that as a rule of thumb

10% of the overall security they get is provided by technology

60% of it comes from their own knowledge

and the last 30% comes from the discipline to really (not) do what you 
know you should (not) do.


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5