logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: 62a3fc29831eade2fe66be7ed94cc14d75062345
parent 4084c184a8a5f33b59c2139c06dec73882563246
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Tue, 30 Jul 2019 16:50:46 +0200

articles/Pretty Bad Privacy: + Web-of-Trust vuln to spam

Diffstat:

Marticles/Pretty Bad Privacy.xhtml5+++++
1 file changed, 5 insertions(+), 0 deletions(-)

diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml @@ -134,6 +134,7 @@ Compression: Uncompressed, ZIP, ZLIB, BZIP2 <p>There is no forward secrecy</p><!-- FIXME: seems to be for online apps or similar, not email; to be verified --> <h2>OpenPGP in real life</h2> <p>Real Name policy and other stuff that should be optionnal in the Public Key Verification process (An ID card? Seriously?).</p> +<p>The keyservers/Web-of-Trust is architecturaly vunerable to a DoS by spam. <a class="ref" href="#ref-keyservers.md">keyservers.md</a></p> <h2 id="keybase">Bonus: Keybase is a fuck</h2> <p>Keybase is what you get when you want crypto (just the math), but you do not care about security (they are called secrets for a reason) or privacy (social-media with a cryptographically verified graph that lives forever…).</p> <ul> @@ -150,5 +151,9 @@ Compression: Uncompressed, ZIP, ZLIB, BZIP2 <li><a href="https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html">[tor-talk] Why the Web of Trust Sucks</a></li> <li><a href="https://sweet32.info">Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN</a>, which Triple-DES and Blowfish are vulnerable to</li> </ul> +<h2>References</h2> +<ul> + <li><a name="ref-keyservers.md" href="https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f">SKS Keyserver Network Under Attack</a> by <a href="https://gist.github.com/rjhansen">Robert J. Hansen</a></a> +</ul> <p><a href="https://queer.hacktivis.me/notice/9gVn61L9VGPosmXRQG">Fediverse post for comments</a></p> </article>