blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: 7753fe691139166b1ab95bcf5c51b7182a19f1c2
parent 8c6eef0da2c321e5b5395e54af7059eebe7302fb
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  7 Mar 2019 03:07:26 +0100

articles/Pretty Bad Privacy: Add blockquotes from RFC4880

Diffstat:

M articles/Pretty Bad Privacy.xhtml | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 59 insertions(+), 1 deletion(-)

diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml 
@@ -8,7 +8,65 @@ <dd>Gnu Privacy Guard, main/only implementation of OpenPGP</dd> </dl> <h2>OpenPGP standard</h2> -<p>The OpenPGP standard mandates that some ciphers must be present in the implementation, they are now broken and well known to be (<abbr title="As Far As I Remember">AFAIR</abbr> it’s stuff like SHA1, 3DES, …).</p> +<p>The OpenPGP standard mandates that some ciphers must be present in the implementation, they are now broken and well known to be. (<abbr title="As Far As I Remember">AFAIR</abbr> it’s stuff like SHA1, 3DES, …).</p> +<blockquote> +9.1. Public-Key Algorithms + +ID Algorithm +-- --------- +1 - RSA (Encrypt or Sign) [HAC] +2 - RSA Encrypt-Only [HAC] +3 - RSA Sign-Only [HAC] +16 - Elgamal (Encrypt-Only) [ELGAMAL] [HAC] +17 - DSA (Digital Signature Algorithm) [FIPS186] [HAC] +18 - Reserved for Elliptic Curve +19 - Reserved for ECDSA +20 - Reserved (formerly Elgamal Encrypt or Sign) +21 - Reserved for Diffie-Hellman (X9.42, + as defined for IETF-S/MIME) +100 to 110 - Private/Experimental algorithm + +Implementations MUST implement DSA for signatures, and Elgamal for +encryption. […] +9.2. Symmetric-Key Algorithms + +ID Algorithm +-- --------- +0 - Plaintext or unencrypted data +1 - IDEA [IDEA] +2 - TripleDES (DES-EDE, [SCHNEIER] [HAC] - + 168 bit key derived from 192) +3 - CAST5 (128 bit key, as per [RFC2144]) +4 - Blowfish (128 bit key, 16 rounds) [BLOWFISH] +5 - Reserved +6 - Reserved +7 - AES with 128-bit key [AES] +8 - AES with 192-bit key +9 - AES with 256-bit key +10 - Twofish with 256-bit key [TWOFISH] +100 to 110 - Private/Experimental algorithm + +Implementations MUST implement TripleDES. […] +9.4. 
Hash Algorithms + +ID Algorithm Text Name +-- --------- --------- +1 - MD5 [HAC] "MD5" +2 - SHA-1 [FIPS180] "SHA1" +3 - RIPE-MD/160 [HAC] "RIPEMD160" +4 - Reserved +5 - Reserved +6 - Reserved +7 - Reserved +8 - SHA256 [FIPS180] "SHA256" +9 - SHA384 [FIPS180] "SHA384" +10 - SHA512 [FIPS180] "SHA512" +11 - SHA224 [FIPS180] "SHA224" +100 to 110 - Private/Experimental algorithm + +Implementations MUST implement SHA-1. Implementations MAY implement +other algorithms. MD5 is deprecated. +</blockquote><cite><a href="https://tools.ietf.org/html/rfc4880">RFC4880</a>, November 2007</cite> <p>It leaks a pile of metadata (time, implementation name+version, …)</p> <p>There is no deniability possible, there is quite a difference between no-authentication and deniability, to be elaborated on</p> <p>Your public key/identity <strong>will</strong> end up on the keyservers at some point, no exception.</p>
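
Review bot: The three RFC tables inside the new `<blockquote>` are plain text laid out with spaces and newlines, so in XHTML they will collapse into one run-on paragraph unless the stylesheet sets `white-space: pre` on blockquotes. Wrap each quoted section in `<pre>` (or mark it up as a table or `<dl>`) inside the blockquote, which also avoids bare text as a direct child of `<blockquote>`, something the stricter XHTML doctypes reject. The `<cite>` sits after `</blockquote>`, so nothing ties it to the quote; consider adding `cite="https://tools.ietf.org/html/rfc4880"` on the blockquote itself. In the edited paragraph, the added period after "well known to be" leaves the parenthetical ending in ")." as a second sentence end. Now that the quote spells out the MUST list (DSA, Elgamal, TripleDES, SHA-1), the AFAIR guess could be replaced with that list, and "ciphers" changed to "algorithms", since SHA-1 and DSA are not ciphers.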