Language Selection

English French German Italian Portuguese Spanish

Evolution vs sha256, or why my new key is useless

Filed under
Software
Security

There’s again a bit of cryptographic related panicing going on at the moment. This time it’s not a bug in the Debian version of OpenSSL, but another attack on SHA-1 that appears to break it a bit worse than before. So now everybody is generating new gpg keys to move away from SHA-1 hashes.

There’s one problem though: even when you generate a new gpg key that supports better hashing, your applications will still need to support the better hashing for it to be effective.

Given that gnupg is pretty unusable as a library, making everyone create library-ish wrappers around its command-line interface, it is very easy to get this wrong.

rest here




More in Tux Machines

Mozilla Wants to Save the Open Web, but is it Too Late?

Again, I think this is absolutely correct. But what it fails to recognise is that one of the key ways of making the Web medium "less free and open" is the use of legally-protected DRM. DRM is the very antithesis of openness and of sharing. And yet, sadly, as I reported back in May, Mozilla has decided to back adding DRM to the Web, starting first with video (but it won't end there...) This means Mozilla's Firefox is itself is a vector of attack against openness and sharing, and undermines its own lofty goals in the Open Web Fellows programme. Read more

Open source is starting to make a dent in proprietary software fortunes

Open source has promised to unseat proprietary competitors for decades, but the cloud may make the threat real. Read more

Chakra-2014.09-Euler released

The Chakra team is happy to announce the first release of the Chakra Euler series, which will follow the 4.14 KDE releases. A noticeable change in this release is the major face-lift of Kapudan, which now gives the option to users to enable the [extra] repository during first boot so they can easily install the most popular GTK-based applications. Kudos to george2 for the development and Malcer for the artwork. Read more

What Linux User Groups Can Do for FOSS

On a monthly basis — on the last Saturday each month — members of the Felton Linux Users Group drag their collective butts out of bed at the crack of 9:30, or possibly earlier, and make their way from various points in the sleepy little town just northeast of Santa Cruz to the solar-powered Felton Fire Station for their meeting. It’s a good group with core regulars hosting meetings since the Lindependence Project held three open houses to introduce the town to Linux in the summer of 2008. In those open houses, various distros like Debian, Fedora, Ubuntu and Mandriva, along with hardware maker ZaReason, and even an open-source stuffed penguin maker called Open Animals based in Phoenix, appeared to show their wares to the curious in the San Lorenzo Valley area. Around 600 people appeared over the three days and more than 300 live CDs went out the door. Read more