From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier <boklm@mageia.org>
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives

---
 zarb-ml/mageia-dev/20110201/002408.html | 97 +++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 zarb-ml/mageia-dev/20110201/002408.html

(limited to 'zarb-ml/mageia-dev/20110201/002408.html')

diff --git a/zarb-ml/mageia-dev/20110201/002408.html b/zarb-ml/mageia-dev/20110201/002408.html
new file mode 100644
index 000000000..264e7e803
--- /dev/null
+++ b/zarb-ml/mageia-dev/20110201/002408.html
@@ -0,0 +1,97 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-dev] PGP keys and package signing
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTi%3DnufoGktW%2BycrwUL4QENS5-0oAF-LoNzwsdzp2%40mail.gmail.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="002406.html">
+   <LINK REL="Next"  HREF="002410.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-dev] PGP keys and package signing</H1>
+    <B>Pascal Terjan</B> 
+    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20PGP%20keys%20and%20package%20signing&In-Reply-To=%3CAANLkTi%3DnufoGktW%2BycrwUL4QENS5-0oAF-LoNzwsdzp2%40mail.gmail.com%3E"
+       TITLE="[Mageia-dev] PGP keys and package signing">pterjan at gmail.com
+       </A><BR>
+    <I>Tue Feb  1 11:47:46 CET 2011</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="002406.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+        <LI>Next message: <A HREF="002410.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#2408">[ date ]</a>
+              <a href="thread.html#2408">[ thread ]</a>
+              <a href="subject.html#2408">[ subject ]</a>
+              <a href="author.html#2408">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On Tue, Feb 1, 2011 at 00:35, Dick Gevers &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">dvgevers at xs4all.nl</A>&gt; wrote:
+&gt;<i> On Tue, 01 Feb 2011 00:15:36 +0100, Michael Scherer wrote about Re:
+</I>&gt;<i> [Mageia-dev] PGP keys and package signing:
+</I>&gt;<i>
+</I>&gt;&gt;<i>Le lundi 31 janvier 2011 &#224; 21:49 +0000, Dick Gevers a &#233;crit :
+</I>&gt;&gt;&gt;<i> On Mon, 31 Jan 2011 17:18:25 +0100, Michael Scherer wrote about Re:
+</I>&gt;&gt;&gt;<i> [Mageia-dev] PGP keys and package signing:
+</I>&gt;&gt;&gt;<i>
+</I>&gt;&gt;&gt;<i> &gt;The problem is not leaking the key, it is about cryptographic attacks
+</I>&gt;&gt;&gt;<i> &gt;about older keys.
+</I>&gt;&gt;&gt;<i> &gt;
+</I>&gt;&gt;&gt;<i> &gt;If in 10 years, there is some technology that allows people to get our
+</I>&gt;&gt;&gt;<i> &gt;private key by bruteforce on the public one
+</I>&gt;&gt;&gt;<i>
+</I>&gt;&gt;&gt;<i> You can never ever obtain the private key from the public one, that is
+</I>&gt;&gt;&gt;<i> impossible. It can only be compromised if someone looses the private key
+</I>&gt;&gt;&gt;<i> plus the password is cracked.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>Some secure systems have been seen compromised ( like
+</I>&gt;&gt;<i><A HREF="http://www.win.tue.nl/hashclash/rogue-ca/,">http://www.win.tue.nl/hashclash/rogue-ca/,</A> who explain how the whole SSL
+</I>&gt;&gt;<i>business was compromised 2 years ago, or see the GSM being cracked at
+</I>&gt;&gt;<i>this year 27C3 ).
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>And Debian also got ride of older vulnerable gpg keys ( see
+</I>&gt;&gt;<i><A HREF="http://lists.debian.org/debian-devel-announce/2010/04/msg00018.html">http://lists.debian.org/debian-devel-announce/2010/04/msg00018.html</A> and
+</I>&gt;&gt;<i><A HREF="http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html">http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html</A> ),
+</I>&gt;&gt;<i>so I would not be so optimistic about the &quot;never&quot;.
+</I>&gt;&gt;<i>
+</I>&gt;&gt;<i>Technically, MD5 should not have been reversible, but see how easy it is
+</I>&gt;&gt;<i>using a rainbow table. Granted, that's a 20 year protocol, but that's
+</I>&gt;&gt;<i>still widely used in lots of software.
+</I>&gt;<i>
+</I>&gt;<i> Sorry, but I am not convinced: the gpg key we are talking about consists of
+</I>&gt;<i> 2 parts: the private key is separate from the public key, or signing key.
+</I>&gt;<i> The signing key is a separate or subkey and does not contain any part of the
+</I>&gt;<i> private key. So you can throw any amount of computing power at it, but
+</I>&gt;<i> there is nothing inside the public key that will enable the rebuilding of
+</I>&gt;<i> the private key from it.
+</I>
+Encrypt stuff with the public one, try to decrypt it with the 2^4096
+(or whatever) possible private keys.
+</PRE>
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="002406.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+	<LI>Next message: <A HREF="002410.html">[Mageia-dev] PGP keys and package signing
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#2408">[ date ]</a>
+              <a href="thread.html#2408">[ thread ]</a>
+              <a href="subject.html#2408">[ subject ]</a>
+              <a href="author.html#2408">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
+mailing list</a><br>
+</body></html>
-- 
cgit v1.2.1