PGP thread

[hatt]

Any interest?
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.14 (GNU/Linux)

hQIOA93lLrnv2qSJEAf+Jzx9ypNLX10BekSBpnUEFQnKBnvEJjGkpAcWHPOVX8Av
+SSj5KbQng46Yp+lzsDarDqfa0+35DR6LcqZmCpwRxC8kH5wahDP3b3f2TnLMWoi
rlihGAGZF0mNyEQJfHE1GbnSIB3zzw7hLCqkltoFe7gh8iRAMOZJswflVK7AYTMw
pIKynHZnzLR45u27HDrEFoNjTeDjD+eowp6OMbHRKF/y2aHPJs2Hj0XBY/JAAZiX
lcp4PPdyOtXE+SvG9O0XHu2noA2rPLRXy0D9S40+YQDGnD1YTZGBl7qpAU7uYBkN
WpH/QO9jox6Y0V7+aWseVwmxtWfc306gAehW3zzbuwf+PfUxVCNtaf8kTaSSTRZg
lQkXDMjcBqhnDTZt6yqMHlxNl9ijy8sO0dUbAWxMGHuxdh+z1ICcnZZenzJej55q
fQdXvUubPzaS30/8o3KVrbfGntAEGePMyNJ9r+FYfmlWEUS/LqC+JIGzMowd0LdU
Y2gUFvdN6WIfGyTma3aY8jqH31WH61gMJABw+CmnaJVy00e6qFf399KaFqpaP78V
jKD1K2XCWFoDZWZsVYqWg43UXe4OZ9gI+17Q06cA57mSF1oDBDc7cEajRojr8BRb
UxsKyV22QT1M1UimnjMR/lVC5UNToNCELFoX0zoTZeuGUrPJMIPAMtVX86aT/cFb
ttJmAUpUgRzAiI9pb0Z0Kz6TDJkG3WLcoexpwZqAdBtQLH89orq1LHx3mEazijLQ
+cJgnJ1IJbZa1xjORJ2pkeVb1q5OKoCulMdzbwZJXFkI+XX3Ym00gGJj7brW0HpS
9CIX1A6cYuEO
=HZvQ
-----END PGP MESSAGE-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.14 (GNU/Linux)

mQMuBFNGyNERCACE6nFlp3eI2G9IJCHsYuZOIW8IQXQ5OXWjkFi+lZLJ3+wmoo2Q
mP3q/B7P5wmPST5N8UQd3ynvGmNnsiMexjNjB9SdbP3QZ7IujAvmqi+5huZ7a/qT
r79wOAlx4m/i+czbr2YvGcZDPLWnrvrnmqAnjnTMVx+yK51aCqOsL7MvQAe1xFkh
Uslkigw1Z+p5XcihSXuimPy0SEMYv2q2XjVIIzNl4dxXufzIEuLJ2zZgsNT74AJg
pvhl+Be7ZB3NLu8nSm/Ym4Cy/ZHvWKwIuhWtb5xikhJjEjlOcFBTMXVmz1p1rPfV
TqF9dYyvs/nvfdrvjt0Ht2bOIsT9jAPATqTDAQDWTpjytGPAj9AtS/ODmjV3uQdb
d1R6myrEFiLuXMJsEwf+MIDnr3n1tMUqAdwA5hxRMfyfsAxrqFzAocPzJ9aD7Lry
aslkmMZgYWrS898w1yahfkk2vXdO0+K5HfGjNo9FX3Y376aVTSSDy4Cbz6toNvRD
D+n4XyhoCxuhGNno8nK/4vnT9i0JpMNoWpe/ijQaHO2RGW73+FvuAsFgbHRHKgW1
rxHRqRk4URyH5DzkTSp8eZgendZ2Bi71QCOnm8zk54WDVWsuvjUnFIc8UHDoz4c1
sewbkScliTzGLMPqqdAzHZa+kN3PWI4j99wICcawu2I90tR5j0d1/J8Z4rViqJs1
QOXXj/KX5tSfKdxLItYU9ZgrUCnG/ANza5ab5MXU2wf/b74krYLVnx+XyjmDsAte
diqlh2daMBKEwL0pnq+9tFbv5xobNusTfNycQJ6YGeoJ3dAmfr0c1MujNiH2xlxS
HigHiaicW/jih9CwItXYHfGaGZNqxsDt/4jq774AboE4zRJ52MsM/PH2Tag6cIgk
Tz07aUHzIMYLMsnuDI2xtv07PF9xNvfGubz8BsRPVuIyE46SWxz+6TtWFH55goUd
/WN4TNKbdE75jvUb1oH0u/pI1AnhygQJRc1b2XkOtHeRmDwVQT9fVACDr2agm/NM
PBviyao10upo/CPj83clouEqXk+FDicsPN5T5M8cD9qi1CiiHvZo3tFzfQXNfQs/
hLQbaGF0dDYxMCA8aGF0dDYxMEB5YWhvby5jb20+iHoEExEIACIFAlNGyNECGyMG
CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOx5/iv+bQKIEasA/28ol5lEyxck
mGRtavJmmg+T/4XZBTOhsCiNcDP+4q36AQCNZzls2e2KOK10aky9T5c0hPQdGnoH
bRTWRuQSNY0YXrkCDQRTRsjREAgA3PyL/gkuByn5mxBNiHuELK6QDLx+i54zHvJL
Fklgu1hXzXNrnICABVTy7V3YI0ciYtQbrBuJ1dKmAyp+X7pK7VZCumLXR25OB9HL
OYrP9bXFKlqKaj35L+cWBaW4GvpOmH9ZxLRM+8ft82Hop7gGsRQqaHrk8L8VMOCM
q8vpnPGxGC4/o+dnup54kAXb48QbM33J5XxLY97Eo0mlgdKpabXhKDDi0C0klshW
Kk76TVusybhMQb4TYnTBge+zJcDyauPvj5gkvRUnLRca0INgOpk1eTjh0l7FD+bu
i5qCCg6PcdPmAvxBjS6rNV2zYA8E1aT8BjsYzZNLtPZF4voizwADBQf9FXicJSx9
FvmO7Dvucp2FWvVgIEwsG9gxrFd2NZSnMytBJ8Wt01hdQ4AdEt1mXh2zbNtJqgSi
vIIqMtI/xLywjRBPF0eOxCLUS8Arj14dThGYHznN3wUwSveAg2Na8U/y8RpegGBS
VKn+B5TmKp31HILLc6f2+fdxZi2AOjBO/5dyTIiNHf3iN42LiCxk1zs4/3ahDZmj
EB9JU69DGtiQfwJGgVRhELfyegsk29SqOmM393qoUIOFusS4anBY/92n6Hi/bOSa
2FlTmnlfbDj2VENphot4xM4fLNxhDySjmXbouwS4J2SAUofR0W0XALfxgZFPyEHf
mfX4TyV78Zruq4hhBBgRCAAJBQJTRsjRAhsMAAoJEOx5/iv+bQKIWv0A/i6loP7U
ArO8k7h3O7AySAL+0t6NK4mac7M8XiJXNZl1AP92Zv9DwQRtCcYc8eB+C+k5/hGt
nrOQGtm9eOiy/pHniA==
=gnoG
-----END PGP PUBLIC KEY BLOCK-----

 

[SatinSilver]

Originally Posted By: hatt
Any interest?


Not really.

 

[Oldmoparguy1]

who cares?

 

[hatt]

Originally Posted By: Oldmoparguy1
who cares?
Guess you guys missed the news that .gov has the ability to look at everything you send.

 

[Hokiefyd]

Sprechen Sie Englisch?

 

[Kira]

Hello, Please explain what this "PGP thread" is supposed to be. I assume it's some kind of command.....which is to be entered where?

Is it a program? Kira

 

[OVERKILL]

Originally Posted By: Kira
Hello, Please explain what this "PGP thread" is supposed to be. I assume it's some kind of command.....which is to be entered where?

Is it a program? Kira


PGP is "Pretty Good Privacy" and is a mechanism primarily leveraged for securing e-mail communication.

 

[uc50ic4more]

What a great idea! I have no idea how easy it is to set up PGP or even if (the F/LOSS version called) GPG is available to set up on Windows; but I think we'd all be a bit better off if encrypting our communications was standard procedure.

Having said that, public internet discussion forums might be best regarded as "public communications" and you should probably avoid saying anything that you do not want the Gestapo, Stasi or NSA to know about.

I just finished reading an article terrifying titled "Julian Assange: Debian is owned by the NSA" here: http://igurublog.wordpress.com/2014/04/08/julian-assange-debian-is-owned-by-the-nsa/

Yikes. Yikes. Yikes.

 

[hatt]

Quote:
but I think we'd all be a bit better off if encrypting our communications was standard procedure.
Yep. If you encrypt everything, or at least often, you slow down the machine from blanket data collection on everyone back to targeted collection on bad guys they should have been doing the whole time. In any event it's a skill everyone should have.

 

[LazyPrizm]

Originally Posted By: hatt
Any interest?
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.14 (GNU/Linux)

hQIOA93lLrnv2qSJEAf+Jzx9ypNLX10BekSBpnUEFQnKBnvEJjGkpAcWHPOVX8Av
+SSj5KbQng46Yp+lzsDarDqfa0+35DR6LcqZmCpwRxC8kH5wahDP3b3f2TnLMWoi
rlihGAGZF0mNyEQJfHE1GbnSIB3zzw7hLCqkltoFe7gh8iRAMOZJswflVK7AYTMw
pIKynHZnzLR45u27HDrEFoNjTeDjD+eowp6OMbHRKF/y2aHPJs2Hj0XBY/JAAZiX
lcp4PPdyOtXE+SvG9O0XHu2noA2rPLRXy0D9S40+YQDGnD1YTZGBl7qpAU7uYBkN
WpH/QO9jox6Y0V7+aWseVwmxtWfc306gAehW3zzbuwf+PfUxVCNtaf8kTaSSTRZg
lQkXDMjcBqhnDTZt6yqMHlxNl9ijy8sO0dUbAWxMGHuxdh+z1ICcnZZenzJej55q
fQdXvUubPzaS30/8o3KVrbfGntAEGePMyNJ9r+FYfmlWEUS/LqC+JIGzMowd0LdU
Y2gUFvdN6WIfGyTma3aY8jqH31WH61gMJABw+CmnaJVy00e6qFf399KaFqpaP78V
jKD1K2XCWFoDZWZsVYqWg43UXe4OZ9gI+17Q06cA57mSF1oDBDc7cEajRojr8BRb
UxsKyV22QT1M1UimnjMR/lVC5UNToNCELFoX0zoTZeuGUrPJMIPAMtVX86aT/cFb
ttJmAUpUgRzAiI9pb0Z0Kz6TDJkG3WLcoexpwZqAdBtQLH89orq1LHx3mEazijLQ
+cJgnJ1IJbZa1xjORJ2pkeVb1q5OKoCulMdzbwZJXFkI+XX3Ym00gGJj7brW0HpS
9CIX1A6cYuEO
=HZvQ
-----END PGP MESSAGE-----

...and what are those of us without access to the private key for ID=EFDAA489 supposed to do with that first part?

 

[rjundi]

Government can still read it if they want to. Just takes longer.

 

[uc50ic4more]

Originally Posted By: rjundi
Government can still read it if they want to. Just takes longer.


PGP, which ironically stands for "Pretty Good Privacy" has actually turned out to be one of the hardest encryption schemes to break. While it may theoretically be true that some nefarious government agency could expend untold resources trying to decrypt a PGP-encrypted message, the deterrent is certainly there.

It is one thing to be horrified at what our governments do, that we would think only "bad guy" governments do to their people; but we have to remember sometimes that as omnipresent as we come to believe the NSA, etc. are, they are still a tiny little blip compared to the ocean of information out there in the internet. The NSA is still staffed with human nerds who are probably frustrated with their funding and hardware and have to struggle very hard and draw on all of their resources, both computational and conceptual, to do these things: Being a police state ain't easy; and I'll bet they do their best to grab at "low-hanging fruit" simply because trying to decipher what some non-known terrorist said on a motor oil forum is not worth 3 days of their super-computer time.

 

[hatt]

Originally Posted By: LazyPrizm

...and what are those of us without access to the private key for ID=EFDAA489 supposed to do with that first part?

Obviously you can't do anything with it. The idea was to get people interested in learning how to use PGP a place to practice. Clearly by the responses so far, a bad idea.

 

[uc50ic4more]

Originally Posted By: hatt
Originally Posted By: LazyPrizm

...and what are those of us without access to the private key for ID=EFDAA489 supposed to do with that first part?

Obviously you can't do anything with it. The idea was to get people interested in learning how to use PGP a place to practice. Clearly by the responses so far, a bad idea.


No, man - Great idea; will take time for it's value to become apparent to those unaccustomed to it.

 

[spackard]

A book I've read 4 chapters of so far that I like is:
Implementing SSL / TLS Using Cryptography and PKI (Davies, Joshua)

I've read several different sources for SSL (starting years ago with X.400 email and X.500 directories), so not my first attempt. I'm into chapter 5, having to do with certificates. That said, I can't figure out why almost every book that teaches how to use openssl seems to differ dramatically with how a company recommends cutting a certificate. But it's nice that I can finally clearly see the different parts.

LDAP's still a bit of a mystery. I turned on debugging on Centrify and logged in, then logged out. It generated 68 pages of debugging info, which I read. I don't know why a login became such a complicated thing.

 

[Garak]

Originally Posted By: uc50ic4more
What a great idea! I have no idea how easy it is to set up PGP or even if (the F/LOSS version called) GPG is available to set up on Windows; but I think we'd all be a bit better off if encrypting our communications was standard procedure.

I was doing it on Windows many, many years ago, and even had the pleasure of discussing things with Phil Zimmerman himself. I've had it set up (or its open source descendants on Linux and for others on Windows) since the late 1990s.

And for those stating that the government can decrypt PGP, don't count on it. There have been plenty of stories as to how government agencies handle PGP, including in case law, and it isn't with backdoors, brute force, or a weakness in the algorithm. They deal with the real weakness - the user. They'll get a sealed court order to log your keystrokes, then they can take the private key, and with the passphrase they've recorded, your security is history.

 

[Garak]

I was doing some thinking on the issue and this thread popped back into my head. Any of us who are using Mint may run into some PGP issues. If you're having failures, and getting weird error messages, or more likely, no error messages, let me know, and I'll help out. In at least some versions of Mint, permissions are set wrong in some of the directories and the GUI doesn't give a proper error code to diagnose the error.

So, if anyone in Mint (or perhaps Ubuntu; I don't know if the error originated there) is having issues with encryption, don't give up without asking here first.