blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: 73ca4d974f8ec2683485d8865723d3f9d268a828
parent 1b62d0e8d9263113a3159a4384e9346737007e02
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  7 Mar 2019 08:32:00 +0100

articles/Pretty Bad Privacy: GnuPG w/o broken ciphers note, mention tinyssh as example

Diffstat:

M articles/Pretty Bad Privacy.xhtml | 1 +
1 file changed, 1 insertion(+), 0 deletions(-)

diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml @@ -79,6 +79,7 @@ Implementations MUST implement SHA-1. Implementations MAY implement other algorithms. MD5 is deprecated.</pre></blockquote> <cite><a href="https://tools.ietf.org/html/rfc4880">RFC4880</a>, November 2007</cite> <p>Some additionnal ciphers got added later on, but this basically mean that you cannot be sure that a OpenPGP message you sent wasn’t done in more-or-less plaintext. DES was broken by the EFF in 199x, 3DES is basically now on about the same size (NIST: 80 bits of security) but computing power got much better, SHA1 was probably still known as okay but could be better (as SHA2 was already a thing), DSA was probably not now enough as good to be hardcoded, no idea for Elgamal.</p><!-- FIXME --> +<p>I tried few years ago to build a GnuPG without support for theses broken ciphers, and I failed doing so. One can note that SSH requires 3DES-CBC, but it can be disabled or non-implemented (<a href="https://tinyssh.org/">tinyssh</a>).</p> <blockquote><pre> 13.4. Plaintext
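
Review bot: the added `<p>` asserts that SSH requires 3DES-CBC with no source, while the RFC4880 quote directly above it is backed by a `<cite>` link; add the corresponding reference for the SSH claim so both statements are verifiable the same way. The link to tinyssh supports "non-implemented" but nothing in the sentence shows how the cipher "can be disabled" in other implementations, so either name one or drop that half. Wording in the same added line: "few years ago" should be "a few years ago", "theses" should be "these", "failed doing so" should be "failed to do so", and "non-implemented" should be "not implemented". The `<!-- FIXME -->` marker on the preceding context paragraph is left in place by this change; if the new paragraph is meant to address it, remove the marker, otherwise say in the commit message what is still outstanding.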