How to make wise use of public key cryptography

The correct usage of GnuPG (public key cryptography) is to offer a download link of your public key in every channel you communicate and also include your full fingerprint on your business card. It doesn't make sense in this combination to distribute either your key ID or your fingerprints electronically, because it opens up all kinds of bad practices involving trusting the unverified and confusion.

Key servers and the web of trust itself erodes your privacy as your social relationships are publicly revealed, and your e-mail address is also opened up for easy spamming. However, a key server does make initial contact easier if you forgot to provide a link on the business card and it also enables key updates if you do use the web of trust by mutual key signing. No single solution is perfect for everybody.

Note that both the PGP protocol and GnuPG internally reference a so-called 64-bit long key ID, however many tutorials erroneously use only the short key ID instead. Also note that a given short and long key ID is usually the last 8 or 16 characters of the respective fingerprint.

gpg --list-keys --with-colon
gpg --fingerprint


...

"Using modern GPUs, we have found collisions for every 32bit key id in the WOT's (Web of Trust) strong set. Although this does not break GPG's encryption, it further erodes the usability of GPG and increases the chance of human error." - https://evil32.com/

Comments

Post a Comment

Popular posts from this blog

Tftp secret of TL-WR740N uncovered

I've found out that even this particular entry level router supports anti-bricking, so there's no need for soldering, unless of course you are modding. The method I used is the following: Set up a tftp server  on your PC and verify if it works correctly (configuration, permissions, firewalls, etc.) Rename your target firmware to wr740v4_tp_recovery.bin and copy it to your base folder (by default /tftpboot). I tested with openwrt-ar71xx-generic-tl-wr740n-v4-squashfs-factory.bin r43602. Set up the following static IP for your PC: 192.168.0.66 /255.255.255.0. If you're not sure about the firmware name on a different model, start a packet sniffer on your PC ( tcpdump -i eth0 -n -l ) and look for the name in the RRQ message. Preferably disconnect WAN from the router Connect the PC to a LAN port Power off the router Press and hold the reset button Power on the router After the leftmost (power) LED and the rightmost (padlock) LED turn on alone in a few seconds, release
Read more

Hidden TFTP of TP-Link routers

I did some more investigation after the positive results with the TL-WR740Nv4  (click the link to get introduced to the way of recovery). Most users report that devices and firmware updates released after a point in time usually have this mode enabled. If a firmware update is available from the vendor for your device, it's a good idea to apply that update before installing OpenWRT or dd-wrt UNLESS you own something for which upgrading will ensure incompatible with OpenWrt, like a TL-WR730N , and possible some other models (please report). Note that some old models have newer updates in different languages, those may also be worth a try ( TODO : compatibility?). Also remember that later on, tftp recovery will need a type of firmware image without a boot loader, so strip it with dd if yours has it ( grep U-Boot , or check the filename). Positive reported claims so far (personal results highlighted): TL-WDR4300 router 192.168.0.86 server 192.168.0.66 query wdr4300v1_tp_recovery.b
Read more

Haskell for embedded: C output, compilers, monads, Timber

Tricks to use Haskell for developing embedded systems: Re: [Haskell-cafe] compilation to C, not via-C - question involving if you could output prettier C (answer: YHC/LHC or monadic generators) CUFP 2008 Program - see Controlling Hybrid Vehicles with Haskell by Tom Hawkins, Eaton Corporation TIMe - eMBEdded - Reactive - a promising O'Haskell inspired strict embedded research language
Read more