pgpfan:wtmwp
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
pgpfan:wtmwp [2022/01/18 22:27] – Need to use unicode horizontal bar for title. b.walzer | pgpfan:wtmwp [2022/01/28 17:48] (current) – Was not accurate/logical in context. b.walzer | ||
---|---|---|---|
Line 30: | Line 30: | ||
B268 0152 E274 EDE5 53C3 7C80 F80F A811 DE73 D33B | B268 0152 E274 EDE5 53C3 7C80 F80F A811 DE73 D33B | ||
- | The OpenPGP "key fingerprint" | + | The OpenPGP "key fingerprint" |
Now the post complains about the behaviour of GnuPG: | Now the post complains about the behaviour of GnuPG: | ||
Line 50: | Line 50: | ||
>//PGP Key IDs are also pretty terrible, due to the short length and continued support for the broken V3 key format.// | >//PGP Key IDs are also pretty terrible, due to the short length and continued support for the broken V3 key format.// | ||
- | A key ID is a sort of a nickname of a key fingerprint. By convention | + | A key ID is a sort of a nickname of a key fingerprint. By convention |
>//PGP key management sucks// | >//PGP key management sucks// | ||
Line 82: | Line 82: | ||
>Most of these issues are //not// exploitable unless you use PGP in a non-standard way, e.g., for [[http:// | >Most of these issues are //not// exploitable unless you use PGP in a non-standard way, e.g., for [[http:// | ||
- | So which issues //are// exploitable if you use PGP in a non-standard way? We are left to guess. That allows me to simply wave away the whole thing by claiming that //none// of the issues are exploitable, | + | So which issues //are// exploitable if you use PGP in a non-standard way? How non-standard are we talking here? Obviously anything can be misused if you work at it hard enough. |
The now dead link suggests that the instant messaging system example is XMPP. Off the top of my head, there is nothing in the ways that PGP is currently used over XMPP that would make any of the listed attacks work. | The now dead link suggests that the instant messaging system example is XMPP. Off the top of my head, there is nothing in the ways that PGP is currently used over XMPP that would make any of the listed attacks work. |
pgpfan/wtmwp.txt · Last modified: 2022/01/28 17:48 by b.walzer