Archive for the 'Security' Category

With crypto this wouldn't have happened…

“The whole corporate drama began when Commerzbank discovered strange documents on the computer hard drive of a dismissed employee.”

From the Spiegel article “Im Netz der Spinne” about the resignation of Peter Hartz over the VW affair.

And what do we learn from this? You should encrypt your data and, when you no longer need it, delete it. I believe that is called data minimization (“Datensparsamkeit”).

Edited on Jul 10th 2005, 11:24 by jeck

stupid, stupid, stupid

changes his password.

*sigh*

From the department of "We've been saying that all along."

Just in case you are not encrypting your e-mails yet: please click here and read the article “Lieber auffallen: Schluss mit den Ausreden gegen Verschlüsselung” (“Better to stand out: no more excuses against encryption”).

Thank you.

We’re the rebellion…

Found via /.:

A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent.

Hooray! I’m full of criminal intentions too! If you wanna join me on the net of superduper-criminals you can do it! Just get GPG and use my public key:

Or maybe you shouldn’t - at least not before removing all those nicely put whitespaces which do not belong there; g-blog inserted them. Maybe the man knows something about that?
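How to tell whether a pasted key block survived a blog engine, as an added example that is not part of the original post: OpenPGP ASCII armor ends with a CRC-24 line, so stray spaces can be stripped and the result verified, while a substituted character still fails the check. The payload is constructed bytes rather than a real key, and `armor` and `check_armor` are names made up for this sketch.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Build a minimal armored block from constructed bytes (demo helper)."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", "", *lines,
                      "=" + check, "-----END PGP PUBLIC KEY BLOCK-----"])

def check_armor(text: str, repair: bool = False) -> bool:
    """True if the armored body matches its CRC-24 line.

    repair=True first strips spaces and tabs that a blog engine inserted.
    """
    lines = text.strip().splitlines()
    try:
        body = lines[lines.index("") + 1:-1]  # skip armor headers and END line
        if repair:
            body = [re.sub(r"[ \t]+", "", line) for line in body]
        if len(body) < 2 or not body[-1].startswith("="):
            return False
        payload = base64.b64decode("".join(body[:-1]), validate=True)
        expected = base64.b64decode(body[-1][1:], validate=True)
    except ValueError:  # no blank separator line, or non-base64 characters
        return False
    return crc24(payload).to_bytes(3, "big") == expected

if __name__ == "__main__":
    clean = armor(bytes(range(200)))  # constructed payload, not a real key
    # Mimic the blog engine: one stray space somewhere in every long body line
    mangled = "\n".join(l[:40] + " " + l[40:] if len(l) > 40 and l[0] != "-"
                        else l for l in clean.splitlines())
    print(check_armor(mangled), check_armor(mangled, repair=True))
```

A passing CRC only shows the block was transported intact; whose key it is still has to be confirmed by comparing the fingerprint over another channel.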

Oh great…

“SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. [...] It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).”

[Schneier on Security via /. ]

Does anyone know if RIPEMD160 is secure?
Edit: I asked that question cause my GnuPG has three hash functions and this is the only one not compromised. Of course Wikipedia knows it all:

“It is an improved version of RIPEMD, which in turn was based upon the design principles used in MD4, and is similar in both strength and performance to the more popular SHA-1.”

However: “RIPEMD-160 was designed in the open academic community, in contrast to the NSA-designed algorithm, SHA-1. On the other hand, RIPEMD-160 is a less popular and correspondingly less well-studied design.”

Edit2: Hmm. I’m not really sure how to use RIPEMD-160 with Enigmail and if other OSes are capable of working with that. I’ll keep you posted.

[source]

I think there should be a [security] category.
Edit2: Changed category [coding] to [security] cause Gossip heeded my request. Thx!

Edit3: For all Enigmail-users:
“GnuPG hash algorithm (currently only 1 supported!)
user_pref("extensions.enigmail.mimeHashAlgorithm", 1);

UI: Enigmail > Preferences > PGP/MIME; Hash algorithm
Default set to SHA1.
MD5 and RIPEMD160 are available for selection but will not work currently”

[Source]

Also, heise.de says that this is not usable in practice. Also, the results one would get are far from resembling a systematic manipulation.

Edit4: All is well, at least for now. According to another article at heise.de, even a cluster of specialized overclocked machines would compute for “some” years before finding a collision (two texts which would have the same hash). A counterfeit of a real signature would require a ‘preimage’ attack, which would take even longer.

I’ll close this post with Bruce Schneier’s conclusion: “For the average Internet user, this news is not a cause for panic. No one is going to be breaking digital signatures or reading encrypted messages anytime soon. The electronic world is no less secure after these announcements than it was before. [...] Jon Callas, PGP’s CTO, put it best: “It’s time to walk, but not run, to the fire exits. You don’t see smoke, but the fire alarms have gone off.” [...] The Chinese cryptographers deserve a lot of credit for their work, and we need to get to work replacing SHA.”

Edited on Feb 21st 2005, 13:12 by jeck
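Why a collision is so much cheaper than a counterfeit of an existing signature, as an added example that is not from the original post or the articles it cites: both generic searches are run against SHA-1 truncated to a constructed toy size of 16 bits so they finish in seconds. It shows only the generic birthday and brute-force costs, not the cryptanalytic shortcut the post reports, and the function names are made up for this sketch.

```python
import hashlib
from itertools import count

def toy_hash(msg: bytes, bits: int) -> int:
    """SHA-1 cut down to its first `bits` bits so both searches finish quickly."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - bits)

def find_collision(bits: int):
    """Birthday search: any two distinct messages with the same toy hash."""
    seen = {}
    for tries in count(1):
        msg = b"text-%d" % tries
        tag = toy_hash(msg, bits)
        if tag in seen:
            return seen[tag], msg, tries
        seen[tag] = msg

def find_second_preimage(signed: bytes, bits: int):
    """Brute force: a different message matching the hash of one given message."""
    want = toy_hash(signed, bits)
    for tries in count(1):
        msg = b"other-%d" % tries
        if msg != signed and toy_hash(msg, bits) == want:
            return msg, tries

if __name__ == "__main__":
    BITS = 16  # constructed toy size; real SHA-1 has 160 bits
    a, b, n_coll = find_collision(BITS)
    forged, n_pre = find_second_preimage(b"signed document", BITS)
    print(f"collision after {n_coll} hashes (birthday bound ~2^{BITS // 2})")
    print(f"second preimage after {n_pre} hashes (expected ~2^{BITS})")
```

The collision search gets to choose both messages, which is why it needs roughly the square root of the work; matching a document that somebody else already signed does not have that freedom.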



