Full Disclosure mailing list archives
Re: Introducing TGP...
From: Nid <nidfulldisc () googlemail com>
Date: Mon, 14 Jun 2010 20:17:55 +0200
Hi Timothy
TGP – “Thor’s Godly Privacy” 06/13/10 v1.1.06 it does things a bit differently – differently in a way that can change the way you work with your encrypted data. At the simplest level, this is done by encrypting data into byte arrays, and then converting those byte arrays into Base64 encoded text wrapped inside XML tags. In this way, not only do you get your typical file-based encrypted representation of your data, but you also get data that you can copy and paste directly into any email, mailing list, blog-page, or social networking site.
First of all you should keep in mind, that base64 raises the size of your data by 33%.
What I think is interesting about this is that if we choose to, we no longer have to be the custodians of our encrypted data – we don’t have to worry about actually housing the files: we can just post them to the internet and let someone else assume the burden of storing the files for us.
posting big files especially on mailing lists might offend the other users of the list. specially if you see the headline of lsi's answer. there your message is marked as spam. Also assuming to have a lot of people behaving like this would result in moderated lists. BTW why not storing your data on rented space? The next issue is that you can not trust private keys which are published on the internet with respect to signatures. These keys could have been cracked. Using such a key only for yourself to have data on the internet seems also not to make sense. It could be better placed on a private machine where you have controled access to for example with VPN or ssh. The next point is if you would like to use the key in an internet cafe at a restaurant, you will not be able to trust the machine. most likely there is a trojan on it or a key grabber.
Normally, you want to keep your private keys as safe as possible. This is still the case with TGP. However, it is trivial to build as many private keys as you wish to use for anything you want to use them for. TGP Private Key files are password protected and individually salted, so with a strong passphrase you have very reasonable assurance that no one is going to get to your key any time soon. So, you can create a private key with a strong password, post that, and then, say, encrypt a scan of your passport and post that. Then if you are ever in a pinch while travelling or something like that, you can simply use Google or Bing to access your data wherever you are. That’s really the main different between TGP and an application like PGP. That and of course, TGP is free, and personally, I think PGP is tardware. It’s bloated, it’s far too expensive, it’s hard to use, and if you don’t watch your licensing, you can get screwed hard like I did when I didn’t want to buy the extended support and one day my encrypted drives stopped working until I paid them. That doesn’t fly. TGP also doesn’t require that you are an admin to install. However, the .NET installer for the 4.0 client profile does – that’s not my doing. Regardless, here are the file structures TGP uses:
there are other possibilities than PGP for example GPG ect. I would rather trust such a software, since I am somehow sure, that enough people tried to find bugs in it. Also a lot of scientists and hackers tried to find a bug in the implementation. If for example your software uses a weak Pseudo random number generator this could result in weak key room. Best regards Norbert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Introducing TGP..., (continued)
- Re: Introducing TGP... Pavel Kankovsky (Jun 17)
- Re: Introducing TGP... lsi (Jun 17)
- Re: Introducing TGP... Thor (Hammer Of God) (Jun 17)
- Re: Introducing TGP... lsi (Jun 17)
- Re: Introducing TGP... lsi (Jun 14)
- Re: Introducing TGP... Christian Sciberras (Jun 14)
- Re: Introducing TGP... Thor (Hammer Of God) (Jun 14)
- Re: Introducing TGP... Jeffrey Walton (Jun 15)
- Re: Introducing TGP... Thor (Hammer of God) (Jun 15)
- Re: Introducing TGP... Thor (Hammer of God) (Jun 14)
- Re: Introducing TGP... Michael Neal Vasquez (Jun 14)
- Re: Introducing TGP... Thor (Hammer of God) (Jun 14)
- Re: Introducing TGP... rembrandt (Jun 15)