thanks @solene for sharing your experience.
quite similar to www.passwordstore.org using #PGP key to protect text
Notices tagged with pgp
-
👣 ghose [:mastodon:] (xosem@mstdn.io)'s status on Wednesday, 02-Oct-2019 13:21:17 UTC ![👣 ghose [:mastodon:]](https://gnusocial.club/avatar/10436-48-20190924071152.jpeg)
👣 ghose [:mastodon:]
-
codesections (codesections@fosstodon.org)'s status on Thursday, 29-Aug-2019 22:27:17 UTC 
codesections
I've always thought that #pgp was pretty good, but I just came across this seemingly reasonable article that is *very* critical of it: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
The tldr:
* pgp has weak security options and code complexity for backwards compatibility with the 90s
* because of that, pgp is really easy to misconfigue with poor security
* pgp doesn't provide forward secrecy
* pgp encourages you to have one master key that you never change, instead of rotating
Any thoughts/rebuttals?
-
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 03-Jul-2019 05:15:55 UTC 
Joshua Judson Rosen
That #Tails "use the WoT" download #verification guide is telling you to do 2 distinct things:
1) use #PGP WoT metrics to identify someone who is a Tails developer (but not AFAICT to identify that person *as* a Tails developer);
2) make a WoT-less leap from "this is Bob" to "Bob is verified as a Tails developer AND his signatures mean something".
In that "→A→B→C" chain of mixed ops, #WoT only takes you to B. -
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 03-Jul-2019 04:49:32 UTC
Joshua Judson Rosen
That #PGP's #WoT metrics (supposedly) propagate through signature-chains is somehow basically an extremely popular #myth; "talks about WoT being all about arbitrarily-long multi-hop chains of trust" and "conflates #trust and #identity #certification" have been "understands-pgp-p" litmus tests for me since I realized how confused *I was myself* years ago, and they've never failed before. -
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Tuesday, 02-Jul-2019 12:12:09 UTC
Joshua Judson Rosen
Contrary to popular belief, "trust paths" are not actually a thing in #PGP. -
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 01-Jul-2019 19:50:40 UTC
Joshua Judson Rosen
ALSO, I'm reminded that there was this other #HKP #keyserver released a few years ago, compatible w/ #SKS but written in #Golang, which might relieve some of "zomg unmaintainable!" problems with the SKS servers:Â https://hockeypuck.github.io/ !crypto #PGP #GnuPG -
Christmas Personified as a Catgirl (moonman@shitposter.club)'s status on Thursday, 04-Apr-2019 03:39:23 UTC 
Christmas Personified as a Catgirl
Going through my #PGP responses now, thanks to the girls who messaged me! -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 16-Feb-2019 05:03:40 UTC 
Mike Gerwitz
My defense of #PGP against the latest FUD article on HN:
https://news.ycombinator.com/item?id=19177064
I feel like most times I respond to something on HN it's because I don't give myself a cooldown period. Unfortunately, things on HN don't last long on the front page, so it incentivizes haste replies, or else people will never see the thread again. And that reduces discussion quality. I'm not pleased with the tone of my reply. -
PepeCyB (pepecyb@mastodonten.de)'s status on Saturday, 29-Sep-2018 15:09:25 UTC 
PepeCyB
HTML und eMail passt einfach nicht
Nachdem der „Efail-Skandal“ um PGP/GPG nicht wirklich gefruchtet hat und die (nicht in PGP/GPG, sondern in den Mailklienten) vorhandenen Probleme teilweise behoben wurden, macht jetzt ganz frisch eine neue „Horrormeldung“ die Runde. Es wird der Eindruck vermittelt, Signaturen könnten gefälscht werden. Golem titelt z. B. OpenPGP/[...]
https://pepecyb.hu/2018/09/29/html-und-email-passt-einfach-nicht/
-
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Friday, 28-Sep-2018 20:37:05 UTC
Joshua Judson Rosen
With the sudden realization that #Enigmail has been able to decrypt #email permanently upon reception for the last 3 years, I'm excited about using #PGP #crypto w/ #Enigmail again! But, oh, just in time for me #Mozilla broke Enigmail in #Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909000 #ugh -
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Friday, 28-Sep-2018 20:22:38 UTC
Joshua Judson Rosen
Holy crap! "Since version 1.8, Enigmail can decrypt mails permanently." https://enigmail.net/index.php/en/faq-en?view=topic&id=15 #enigmail #pgp #crypto -
infosec-handbook.eu (https://mastodon.at/users/infosechandbook)'s status on Monday, 21-May-2018 04:30:42 UTC 
infosec-handbook.eu
Thunderbird update 52.8 which addresses Efail partially is available:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/
See also: https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/
#thunderbird #mozilla #update #efail #pgp #gpg #smime #security #infosec #cybersecurity
-
Dr. Roy Schestowitz (罗伊) (schestowitz@gnusocial.de)'s status on Thursday, 17-May-2018 09:28:34 UTC 
Dr. Roy Schestowitz (罗伊)
"It looks like the EFF's strategy is to just ignore what they did until things blow over and the Net forgets as it will." -Friend this morning.
#eff #EFFFail #efail #pgp #gpg #gnupg #freesw #encryption -
Alex (arx@mastodon.zaclys.com)'s status on Monday, 14-May-2018 12:39:06 UTC 
Alex
I don't get it... this #efail / #gpg / #pgp / #smime thing is all over German media (e.g. here: http://www.tagesschau.de/inland/e-mail-verschluesselung-101.html) even though it is totally irrelevant for 99% of people, as almost no one is using PGP encryption for his/her mails anyways and the few that do will most likely have disabled HTML emails (or at least loading of remote content).
It would be much more proportional to write a *shocker* article every single day about how almost all emails are sent with no e2e encryption at all.
-
Klaus Jónsson Zimmermann (alternative acc) (kzimmermann2@gnusocial.club)'s status on Thursday, 10-May-2018 19:49:13 UTC 
Klaus Jónsson Zimmermann (alternative acc)
I don't understand why some XMPP clients are phasing out #OTR from their #encryption modes, yet still provide #PGP despite the fact that it doesn't implement forward secrecy.
Have we decided that multiple device messaging is a greater priority than security against offline captured message analysis? Also, don't forget that most XMPP clients still only offer OTR as encryption capability.
I'm looking at you, #Conversations. -
Andrey Markov (markov@gs.kawa-kun.com)'s status on Tuesday, 20-Mar-2018 14:40:12 UTC 
Andrey Markov
Today I had a firsthand experience on teaching someone how to use encrypted email. TL;DR: #PGP is in a horrible state of usability, yet this should not stop you from teaching other people about the principles of and security. -
Klaus Jónsson Zimmermann (kzimmermann@quitter.se)'s status on Monday, 26-Feb-2018 02:41:07 UTC 
Klaus Jónsson Zimmermann
Just saw #Vivaldi Webmail has now an option for you to upload your private #PGP key there. I wonder if anyone falls for this security BS. -
Andrey Markov (markov@gs.kawa-kun.com)'s status on Thursday, 15-Feb-2018 15:40:15 UTC
Andrey Markov
dear , have any of you received a mail for a #gpg #pgp survey by the Oxford Internet Institute? -
Spoon (spoon@freeradical.zone)'s status on Thursday, 18-Jan-2018 17:44:47 UTC 
Spoon
#introduction. Joined this instance by referral. Student of #privacy technology in its many forms, and generally of civil rights online. Lover of #libraries; enemy of CYBERCRUD. Run #OpenBSD, #Debian---when I want a trusted opinion, I pipe to cowthink. #philosophy #ai #crypto #blockchain #floss #libre #pgp #gpg #gnu.
-
Andrey Markov (markov@gs.kawa-kun.com)'s status on Tuesday, 02-Jan-2018 07:40:12 UTC
Andrey Markov
Today I had a firsthand experience on teaching someone how to use encrypted email. TL;DR: #PGP is in a horrible state of usability, yet this should not stop you from teaching other people about the principles of and security.
All GNU Social Club content and data are available under the