Quote from: jcross on October 18, 2012, 10:52 pm

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.
-----END PGP PUBLIC KEY BLOCK-----

If you know what's good for you, you'll throw this key away, and the software that generated it.

Your key:

gpg --list-keys jcross
pub   1024D/CB11CC90 2012-10-18
uid                  jcross
sub    512g/24076EDF 2012-10-18

As Guru said in http://dkn255hz262ypmii.onion/index.php?topic=42253.msg464012#msg464012

DO NOT USE BROKEN PGP SOFTWARE LIKE PortablePGP!
on: September 12, 2012, 07:00 PM

Over the last several months, I've posted at least a half-dozen warnings in the vain attempt to get people to stop using Java-based PGP software.

These warnings appear to have largely fallen on deaf ears, so I'm going to post yet another warning. I understand that some people have difficulty using PGP/GPG, and naturally, they turn to "easy to use" alternatives like Portable PGP, iGolder.com, and similar alternatives.

Phil Zimmermann, the author of PGP, once compared cryptography to pharmaceuticals -- he said that merely judging by appearances, it was difficult to tell the bogus pharmaceuticals from the real thing.

While the keys and encrypted messages generated or created by may appear solid, if you look under the hood, anyone with any real experience using PGP/GPG can see that these implementations are broken beyond belief.

One of the most egregious offenders in this regard is PortablePGP. PortablePGP is hosted on Sourceforge.net. The latest update is version 1.07, dated June 2012. This latest release has been modified so as to work with Windows 7 apparently in response to user-complaints. The author has never responded to comments warning him that the software is grossly unsafe.

Frankly, I've lost count of how many people I've had to warn because their keys were dangerously short. It would appear that, by default, PortablePGP generates a 1024-bit DSA key (for signing) and a 512-bit Elgamal sub-key for encryption.
512-bit keys have not been used for almost 20 years now, because they are insecure. 512-bit keys can (and have) been broken by small networks of machines, operated by one individual.

With respect to 1024-bit keys, these were deprecated by NIST in December 2010. NIST recommended that agencies still using 1024-bit keys, completely stop using them by 2013.

Here, I am going to reproduce the comments I left on the PortablePGP site:

The authors appear either unwilling (or unable) to fix the glaring security problems with this software, i.e. the use of keys of a maximum size of 1024-bits, and continued use of DSA/Elgamal, which key format has been deprecated. Starting in 2009, 3 years ago now, both the PGP and Gnu Privacy Guard (GPG) developers made a decision to abandon the DSA/Elgamal key format, change the default key type to RSA, and change the default key-size to 2048-bits.

All this was done for security reasons. The American standards authority NIST (National Institute of Standards and Technology) published a report which recommended that 1024-bit keys be abandoned by the end of December, 2010. That recommendation became effective 18 months ago, yet we still see Portable PGP using the now-deprecated DSA/Elgamal key format, and the obsolete key-size of 1024-bits.

NIST is responsible for establishing standards for U.S. government computers. NIST is notoriously conservative when it comes to security, and usually very reluctant to make changes. This should come as no surprise, given the thousands of computers that are operated by any of the hundreds of agencies in the U.S. government that would be affected by any standards they set. So, when NIST, PGP, Inc., and the GPG developers ALL recommend the same course of action, there's gotta be a problem.
Until this software is brought up to current standards, it should NOT be used, period.

So, to sum-up, people should only be using standards-compliant encryption software -- Java based garbage such as PortablePGP, iGolder.com and others simply do not measure up.

Guru
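
An added example, not part of the original thread: a small audit of the legacy `gpg --list-keys` output shown in the post, flagging every primary key and sub-key below the sizes the post discusses. The severity thresholds are an assumed policy derived from the post's figures, and the 2048-bit RSA key in the sample is constructed for contrast.

```python
import re

# Legacy GnuPG listing line, e.g. "pub   1024D/CB11CC90 2012-10-18".
KEY_LINE = re.compile(
    r"^(pub|sub)\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8,16})\s+(\d{4}-\d{2}-\d{2})"
)
# Algorithm letters used by that listing format.
ALGOS = {"R": "RSA", "D": "DSA", "g": "Elgamal", "G": "Elgamal (sign+encrypt)"}

# Assumed policy, taken from the sizes named in the post.
INSECURE_BELOW = 1024    # 512-bit keys: described as already broken
DEPRECATED_BELOW = 2048  # 1024-bit keys: deprecated; 2048 is the newer default

# The listing from the post, plus one constructed 2048-bit RSA key for contrast.
SAMPLE = """\
pub   1024D/CB11CC90 2012-10-18
uid                  jcross
sub    512g/24076EDF 2012-10-18

pub   2048R/0123ABCD 2012-10-18
uid                  constructed-example
sub   2048R/89ABCDEF 2012-10-18
"""


def audit_listing(text):
    """Return a finding for every pub/sub key smaller than DEPRECATED_BELOW."""
    findings = []
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue  # uid lines, blank lines, keyring headers
        kind, bits, letter, key_id, created = m.groups()
        bits = int(bits)
        if bits >= DEPRECATED_BELOW:
            continue
        findings.append({
            "kind": kind,
            "key_id": key_id.upper(),
            "algo": ALGOS.get(letter, "unknown"),
            "bits": bits,
            "created": created,
            "severity": "insecure" if bits < INSECURE_BELOW else "deprecated",
        })
    return findings


if __name__ == "__main__":
    for f in audit_listing(SAMPLE):
        print("{severity:10} {kind} {key_id} {bits}-bit {algo}".format(**f))
```

The parser only understands the older `bits+letter/keyid` listing format shown in the post; newer GnuPG releases print keys differently and would need the `--with-colons` output instead.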