commit: 357e867d8c535dc311e03cf647e75968d910f2f6
parent 7753fe691139166b1ab95bcf5c51b7182a19f1c2
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Thu, 7 Mar 2019 03:08:40 +0100
articles/Pretty Bad Privacy: <pre/> on RFC4880
Diffstat:
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml
@@ -9,7 +9,7 @@
</dl>
<h2>OpenPGP standard</h2>
<p>The OpenPGP standard mandates that some ciphers must be present in the implementation, they are now broken and well known to be. (<abbr title="As Far As I Remember">AFAIR</abbr> it’s stuff like SHA1, 3DES, …).</p>
-<blockquote>
+<blockquote><pre>
9.1. Public-Key Algorithms
ID Algorithm
@@ -65,8 +65,7 @@ ID Algorithm Text Name
100 to 110 - Private/Experimental algorithm
Implementations MUST implement SHA-1. Implementations MAY implement
-other algorithms. MD5 is deprecated.
-</blockquote><cite><a href="https://tools.ietf.org/html/rfc4880">RFC4880</a>, November 2007</cite>
+other algorithms. MD5 is deprecated.</pre></blockquote><cite><a href="https://tools.ietf.org/html/rfc4880">RFC4880</a>, November 2007</cite>
<p>It leaks a pile of metadata (time, implementation name+version, …)</p>
<p>There is no deniability possible, there is quite a difference between no-authentication and deniability, to be elaborated on</p>
<p>Your public key/identity <strong>will</strong> end up on the keyservers at some point, no exception.</p>
diff --git a/feed.atom b/feed.atom
@@ -14,7 +14,7 @@
<link rel="alternate" type="text/html" href="/articles/Pretty%20Bad%20Privacy"/>
<id>https://hacktivis.me/articles/Pretty%20Bad%20Privacy</id>
<published>2019-03-07T01:00:04Z</published>
- <updated>2019-03-07T01:54:33Z</updated>
+ <updated>2019-03-07T02:08:40Z</updated>
<content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<!--#include file="/articles/Pretty Bad Privacy.xhtml"-->
</div></content>
