logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: 74677757348e63f2a38fdb2b4c7aea8235f46ca5
parent 855c0e6f8b87709d3d9e529000b1fc407a8fdeea
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  7 Mar 2019 02:06:04 +0100

articles/Pretty Bad Privacy: New Draft Article

Diffstat:

Aarticles/Pretty Bad Privacy.shtml15+++++++++++++++
Aarticles/Pretty Bad Privacy.xhtml22++++++++++++++++++++++
Mfeed.atom11+++++++++++
Mhome.shtml1+
4 files changed, 49 insertions(+), 0 deletions(-)

diff --git a/articles/Pretty Bad Privacy.shtml b/articles/Pretty Bad Privacy.shtml @@ -0,0 +1,15 @@ +<!DOCTYPE html> +<html lang="en"> + <head> +<!--#include file="/templates/head.shtml" --> + <meta property="og:type" content="article"/> + <meta property="og:title" content="Pretty Bad Privacy"/> + <title>Pretty Bad Privacy — Cyber-home of lanodan</title> + </head> + <body> +<!--#include file="/templates/en/nav.shtml" --> +<!--#include file="/articles/Pretty Bad Privacy.xhtml"--> + <a href="/articles/Pretty%20Bad%20Privacy">article only(plain XHTML)</a> +<!--#include file="/templates/en/footer.html" --> + </body> +</html> diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml @@ -0,0 +1,22 @@ +<article lang="en"> +<a href="/articles/Pretty%20Bad%20Privacy"><h1>Pretty Bad Privacy</h1></a> +<span class="warn">This article is in early drafting process, made public so I get comments and more people can be aware</span> +<dl> + <dt>OpenPGP</dt> + <dd>Pretty Good Privacy standard, derives from the original PGP implementation</dd> + <dt>GnuPG / GPG</dt> + <dd>Gnu Privacy Guard, main/only implementation of OpenPGP</dd> +</dl> +<h2>OpenPGP standard</h2> +<p>The OpenPGP standard mandates that some ciphers must be present in the implementation, they are now broken and well known to be (<abbr title="As Far As I Remember">AFAIR</abbr> it’s stuff like SHA1, 3DES, …).</p> +<p>It leaks a pile of metadata (time, implementation name+version, …)</p> +<p>There is no deniability possible, there is quite a difference between no-authentication and deniability, to be elaborated on</p> +<p>Your public key/identity <strong>will</strong> end up on the keyservers at some point, no exception.</p> +<h2>OpenPGP in real life</h2> +<p>Real Name policy and other stuff that should be optionnal in the Public Key Verification process (An ID card? Seriously?).</p> +<h2>See also</h2> +<ul> + <li><a href="https://blog.patternsinthevoid.net/pretty-bad-protocolpeople.html">Pretty Bad {Protocol,People}</a></li> + <li><a href="https://neopg.io/">NeoPG</a>, a fork of GnuPG, found SigSpoof probably more to come</li> +</ul> +</article> diff --git a/feed.atom b/feed.atom @@ -10,6 +10,17 @@ </author> <entry> + <title>Pretty Bad Privacy</title> + <link rel="alternate" type="text/html" href="/articles/Pretty%20Bad%20Privacy"/> + <id>https://hacktivis.me/articles/Pretty%20Bad%20Privacy</id> + <published>2019-03-07T01:00:04Z</published> + <updated>2019-03-07T01:00:04Z</updated> + <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> +<!--#include file="/articles/Pretty Bad Privacy.xhtml"--> + </div></content> + </entry> + + <entry> <title>AtlASSian: The Bullshit Factory</title> <link rel="alternate" type="text/html" href="/articles/AtASSian"/> <id>https://hacktivis.me/articles/AtASSian</id> diff --git a/home.shtml b/home.shtml @@ -6,6 +6,7 @@ </head> <body> <!--#set var="transPageUrl" value='accueil' --><!--#set var="feedURL" value='/feed.atom'--><!--#include file="templates/en/nav.shtml" --> +<!--#include file="/articles/Pretty Bad Privacy.xhtml"--> <!--#include file="/articles/AtASSian.xhtml"--> <!--#include file="/articles/I’m removing defaults to eternal cryptographic signatures.xhtml"--> <!--#include file="/articles/Email to graphics-dev@chromium.org about nouveau blacklisting.xhtml"-->