yossarian, 1 year ago to programming

PGP signatures on PyPI: worse than useless

https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless

#programming #devblog #cryptography #rant #python #xp

arstechnica, 1 year ago to random

Microsoft is scanning the inside of password-protected zip files for malware

If you think a password prevents scanning in the cloud, think again.

https://arstechnica.com/information-technology/2023/05/microsoft-is-scanning-the-inside-of-password-protected-zip-files-for-malware/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

hko, 1 year ago to random

I've just released an alpha.1 version of OpenPGP CA 0.13:
https://crates.io/crates/openpgp-ca/0.13.0-alpha.1

This release offers a preview of the new "Split" mode.

For details about split mode OpenPGP CA, see https://gitlab.com/openpgp-ca/openpgp-ca-web/-/blob/split/content/doc/split-mode.md (some details may change between now and the first stable release in the 0.13 series)

This work was supported by NLnet @NGIZero, thank you!

#OpenPGP #OpenPgpCA

blake, 1 year ago to random

In case it helps someone else: To change the #OpenPGP smartcard PIN on my #YubiKey, gpg --change-pin does NOT work for some reason. Using gpg --card-edit and putting admin and then passwd into the prompt lets me do it though.

#gpg #gnupg

decathorpe, 1 year ago to random

5. I pushed another update for #Sequoia #OpenPGP (version 1.16.0), which fixes a handful of parser bugs that could result in crashes caused by out-of-bounds array accesses. All affected applications were rebuilt with the new version. 🕶️

This also included the latest version of sequoia-octopus-librnp, which provides better compatibility with recent versions of #Thunderbird.

Updating sequoia-sq to the latest version is still blocked, because some of the new dependencies have blocking issues 😐

kaiengert, 1 year ago to random

We have a new #OpenPGP passphrase protection feature in #Thunderbird Daily (development) builds, in response to requests we received in the past. Here's a description and call for testing:
https://thunderbird.topicbox.com/groups/e2ee/Tdc427a8b0255b85a/passphrase-protection-for-openpgp-secret-keys
I'd welcome some testing and feedback.

deepsec, 1 year ago to random

Press Release: A 40-year Step Backwards for Secure Communication
The UK government's Online Safety Bill wants to set back the state-of-the art for secure communication 40 years backwards. The proposal includes compulsory backdoors for communication platforms and wil
https://blog.deepsec.net/press-release-a-40-year-step-backwards-for-secure-communication/
#Press #AthensAffair #CryptoWars #CryptoWars2.0 #DeepSec2023 #EUchatcontrolregulation #industrialespionage #OpenPGP #UKOnlineSafetyBill

Goffi, 1 year ago to random French

#OX (XEP-0373, XEP-0374: #OpenPGP for #XMPP, without security problems of historical XEP-0027) implementation has been merged to #Libervia, thanks to Syndace again, and #NLnet for their funding.

OX doesn't have PFS (https://en.wikipedia.org/wiki/Forward_secrecy) but that means that new devices can access archives, which may be desirable. Also, it can encrypt arbitrary elements.

It is also a brick for incoming feature such as #pubsub #e2e #encryption .

stay tuned