1181: "PGP"

Postby rhomboidal » Mon Mar 04, 2013 5:08 am UTC

Image

Title Text: If you want to be extra safe, check that there's a big block of jumbled characters at the bottom.

It sounds better than my method of checking whether the subject line has a hysterical stream of exclamation points.

Postby sardia » Mon Mar 04, 2013 5:09 am UTC

Is there a joke I'm not getting? Time for google to tell me.

Postby Someguy945 » Mon Mar 04, 2013 5:20 am UTC

sardia wrote:Is there a joke I'm not getting? Time for google to tell me.


The method described in the comic is NOT sufficient to verify that an email is authentic.

However, in practice so few people use PGP that as soon as you see it, you know it's some crazy security-obsessed person and therefore legit. In other words, http://xkcd.com/1121/ all over again.

Postby da Doctah » Mon Mar 04, 2013 5:31 am UTC

Hypothetical situation: suppose you're Nigerian and a formerly high-placed government official, and you actually do have a bunch of money stashed away somewhere that you can't get out of the country by yourself. How would you go about extending an offer of partnership to someone who might be able to help without your overtures being insta-binned by the intended recipient?

Postby Unprodigy » Mon Mar 04, 2013 5:36 am UTC

da Doctah wrote:Hypothetical situation: suppose you're Nigerian and a formerly high-placed government official, and you actually do have a bunch of money stashed away somewhere that you can't get out of the country by yourself. How would you go about extending an offer of partnership to someone who might be able to help without your overtures being insta-binned by the intended recipient?

If you were a highly placed government official, in theory you should have actual contacts who can help you, rather than random total strangers on the internet.

Postby DaveMcW » Mon Mar 04, 2013 5:45 am UTC

da Doctah wrote:Hypothetical situation: suppose you're Nigerian and a formerly high-placed government official, and you actually do have a bunch of money stashed away somewhere that you can't get out of the country by yourself. How would you go about extending an offer of partnership to someone who might be able to help without your overtures being insta-binned by the intended recipient?


Method #1: Have all your friends install a PGP Facebook app, hope their friends also install the app, until the web of trust extends to someone who can help. Note that due to low PGP use among app developers and users, such an app may not exist yet.

Method #2: Publish your PGP public key to a PGP certificate server. The server must be reliable enough that people who can help you trust it. Note that due to low PGP use, such a server may not exist.

The standards exist to do it, but for practical reasons it's unlikely to happen.

Postby nowhereman » Mon Mar 04, 2013 7:13 am UTC

I laughed because I am the security obsessed one in my family. In the past two years, I have tried to get my friends and family to support GPG encrypted and signed e-mail, scrambled cellphone calls (apparently the ability to encrypt your calls only works if the other person does it too, or you have the time/money to make/rent a PBX server), full HDD encryption, TOR communication, and finally I have done research into steganography. The last part is because I might not want someone to even know I am sending a message, let alone to whom.

Needless to say, my family doesn't even humor me.
"God does not play dice with... Yahtzee!" - Little known quote from Einstein

Postby mfc » Mon Mar 04, 2013 7:42 am UTC

"Is there a joke I'm not getting?"

The cartoonist is using a form of humour rarely seen (heard) in the USA. It has a name. It is called "irony". :)

Postby Mr. Burke » Mon Mar 04, 2013 8:27 am UTC

Of course, the “verify that the signature is genuine” part should be done by the mail application, which displays a calmingly green lock when everything is all right and a glaringly red exclamation mark when the signature cannot be verified.

Postby jonas » Mon Mar 04, 2013 8:51 am UTC

Why is the transcript of this comic empty?

Postby Argure » Mon Mar 04, 2013 9:32 am UTC

Inline PGP signatures are a deprecated way of signing your emails and PGP/MIME attachments are basically the 'new standard' as far as I know. Unfortunately I believe Enigmail still uses inline armouring while mail is one of those standards where you can just as well use a PGP/MIME attachment (exceptions being mailing lists where you shouldn't sign your mails anyway and servers that strip attachments).


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)

-----END PGP SIGNATURE-----

Postby Confusion » Mon Mar 04, 2013 9:44 am UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This comic makes me cringe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

-----END PGP SIGNATURE-----

Postby Primis » Mon Mar 04, 2013 9:47 am UTC

Well, it's not like I keep my keyprint with a link in my Sig or anything....
Image
Key Fingerprint: 49A8 7E39 87C1 DFB2 B0EB F7F4 1235 F2BB 9442 E47F
PhoenixRising wrote:What is this sleep you speak of? There is only the castle. All must yield to the castle.

Postby Negrebskoh » Mon Mar 04, 2013 10:04 am UTC

This comic makes me cri-...why did someone already post the exact same thing?

Postby Armada651 » Mon Mar 04, 2013 11:04 am UTC

Negrebskoh wrote:This comic makes me cri-...why did someone already post the exact same thing?

Because you're the imposter, you haven't signed your message.

Postby jacksonliam91 » Mon Mar 04, 2013 12:44 pm UTC

I've seen lots of "this message has been scanned by AVG security", which obviously makes me feel about 0.9X safer :/

It's like when the verification images on websites link to the verification companies' homepage... Very official

Postby TimXCampbell » Mon Mar 04, 2013 12:45 pm UTC

I'm not surprised that most people avoid, misunderstand or misuse PGP. I had some sensitive discussion with somebody and we decided we should use PGP. I installed GnuPG and almost instantly realized that this was an application made for people who were 95% skilled enough to have written it themselves. I couldn't find decent “How-To” and background documentation in the install package. In the end I figured out how to use it, but the learning curve was painful.

This is, like, the third time I've tried to implement a secure email thing. The previous two times the other guy and I just ended up swapping WinZIP files encrypted with something like a 12-character scramble code. I ended up using this method with dozens of clients, because the "leet" encryption methods were too hard to explain to them. The irony of this is that I have an old WinZIP file I really wish I could read but I've forgotten the code! (I'm aware there are ZIP-cracker programs out there, but I can't find one that will crack the special WinZIP compression method. Oh, and I don't want to wait until the end of the universe for the program to crack the code.)

Postby EpicanicusStrikes » Mon Mar 04, 2013 1:06 pm UTC

Security will always, eventually, be broken. I used to worry about my messages being intercepted, so I loaded my pigeons with mini mini-guns. It worked great, too. Until the cats found a pipeline to mini SAMs.

Bastards...

I then tried to get the pigeons to use mini chaff. But they kept dropping it on statues. So now I just don't talk to anyone.

Postby webgiant » Mon Mar 04, 2013 1:14 pm UTC

DaveMcW wrote:
da Doctah wrote:Hypothetical situation: suppose you're Nigerian and a formerly high-placed government official, and you actually do have a bunch of money stashed away somewhere that you can't get out of the country by yourself. How would you go about extending an offer of partnership to someone who might be able to help without your overtures being insta-binned by the intended recipient?


Method #1: Have all your friends install a PGP Facebook app, hope their friends also install the app, until the web of trust extends to someone who can help. Note that due to low PGP use among app developers and users, such an app may not exist yet.

Method #2: Publish your PGP public key to a PGP certificate server. The server must be reliable enough that people who can help you trust it. Note that due to low PGP use, such a server may not exist.

The standards exist to do it, but for practical reasons it's unlikely to happen.

Plus there's the problem that a PGP signed message can still easily be spam from an actual Nigerian email scammer.

Postby alpha754293 » Mon Mar 04, 2013 1:53 pm UTC

TimXCampbell wrote:I'm not surprised that most people avoid, misunderstand or misuse PGP. I had some sensitive discussion with somebody and we decided we should use PGP. I installed GnuPG and almost instantly realized that this was an application made for people who were 95% skilled enough to have written it themselves. I couldn't find decent “How-To” and background documentation in the install package. In the end I figured out how to use it, but the learning curve was painful.

This is, like, the third time I've tried to implement a secure email thing. The previous two times the other guy and I just ended up swapping WinZIP files encrypted with something like a 12-character scramble code. I ended up using this method with dozens of clients, because the "leet" encryption methods were too hard to explain to them. The irony of this is that I have an old WinZIP file I really wish I could read but I've forgotten the code! (I'm aware there are ZIP-cracker programs out there, but I can't find one that will crack the special WinZIP compression method. Oh, and I don't want to wait until the end of the universe for the program to crack the code.)


Use a GPU-based WinZIP cracker? It's been said that it's a LOT faster at doing that task.

Postby cellocgw » Mon Mar 04, 2013 2:35 pm UTC

Unprodigy wrote:
da Doctah wrote:Hypothetical situation: suppose you're Nigerian and a formerly high-placed government official, and you actually do have a bunch of money stashed away somewhere that you can't get out of the country by yourself. How would you go about extending an offer of partnership to someone who might be able to help without your overtures being insta-binned by the intended recipient?

If you were a highly placed government official, in theory you should have actual contacts who can help you, rather than random total strangers on the internet.


Killjoy.

How about instead, "You send email to everyone named Bruce Schneier or John McClain or Vin Diesel and wait for someone to show up at your front door with a fast car containing two or more hot chicks and several trash bags full of cash."

EDIT: well, now I'm impressed. Apparently the forum posting software has an autofilter and C*H*U*C*K N*0*R*R*1*S becomes "saladin's mom" all by itself!
Last edited by cellocgw on Mon Mar 04, 2013 3:27 pm UTC, edited 1 time in total.
resume
Former OTTer
Vote cellocgw for President 2020. #ScienceintheWhiteHouse http://cellocgw.wordpress.com
"The Planck length is 3.81779e-33 picas." -- keithl
" Earth weighs almost exactly π milliJupiters" -- what-if #146, note 7

Postby NiteClerk » Mon Mar 04, 2013 2:52 pm UTC

Someguy945 wrote:... In other words, http://xkcd.com/1121/ all over again.


Just for fun, text your spouse and ask what the P.I.N. is. (Or ask what the PIN number is for the ATM machine.) See if they just automatically send it to you. :roll:

Postby Vorticity » Mon Mar 04, 2013 4:01 pm UTC

sardia wrote:Is there a joke I'm not getting?


Regardless of context, the answer to this question is always yes.

Postby endolith » Mon Mar 04, 2013 4:26 pm UTC

TimXCampbell wrote:I'm aware there are ZIP-cracker programs out there, but I can't find one that will crack the special WinZIP compression method.


Oh, is that why I can't crack these old zip files that I've forgotten the password to? WinZip had a special compression method? Did this special compression method also allow for individual files in the archive to be encrypted differently from each other? Because I swear I put a hint to remind myself of the password in an unencrypted file within the archive, but now I can't access any of the files without the password, including the one that would help me remember the password.

Postby Confusion » Mon Mar 04, 2013 4:29 pm UTC

TimXCampbell wrote:I'm not surprised that most people avoid, misunderstand or misuse PGP. I had some sensitive discussion with somebody and we decided we should use PGP. I installed GnuPG and almost instantly realized that this was an application made for people who were 95% skilled enough to have written it themselves. I couldn't find decent “How-To” and background documentation in the install package. In the end I figured out how to use it, but the learning curve was painful.

This is, like, the third time I've tried to implement a secure email thing. The previous two times the other guy and I just ended up swapping WinZIP files encrypted with something like a 12-character scramble code. I ended up using this method with dozens of clients, because the "leet" encryption methods were too hard to explain to them. The irony of this is that I have an old WinZIP file I really wish I could read but I've forgotten the code! (I'm aware there are ZIP-cracker programs out there, but I can't find one that will crack the special WinZIP compression method. Oh, and I don't want to wait until the end of the universe for the program to crack the code.)


To use PGP or GPG is not that hard for e-mail and I think you have started from the wrong way around. Start with looking at the plugins that exist for your mail client and then work from that. There should be plenty of PGP/GPG plugins for most common e-mail clients (unfortunately Google Labs seems to have taken down their PGP support in Gmail). Personally I use Evolution as an e-mail client and for all usage it is similar to using it without PGP, except I have to enter my passphrase when I want to send an e-mail. I normally do not send encrypted as signing is much more important to me (authentication of sender and verification of the content so that it has not been tampered with).
The problem with setting it up might vary between different platforms and clients but that is usually one small step to overcome. There are plenty of graphical tools to handle the whole creating and publishing of keys that can be handled without reading any manuals.

The hard part, from my experience, is to make people overcome the extra step of entering their passphrase whenever they write a mail and, second but probably most important, to remember their passphrase.
To get people to encrypt their e-mails is most likely too much to ask (the content is seldom important enough to encrypt) but by at least using signing you make it easier for people to send encrypted to you and encourage others to take the step, which moves us one step closer to the critical mass needed for general usage to be accepted.

Postby Wnderer » Mon Mar 04, 2013 4:37 pm UTC

How does PGP work? Can you send PGP encrypted emails only to people who have PGP decryption programs installed? If that is the case, how do you know if the people you want to send emails have PGP?

Postby Confusion » Mon Mar 04, 2013 5:01 pm UTC

Wnderer wrote:How does PGP work? Can you send PGP encrypted emails only to people who have PGP decryption programs installed? If that is the case, how do you know if the people you want to send emails have PGP?


For your first question I would recommend (only down until history starts should be enough to give a good view):
http://en.wikipedia.org/wiki/Public-key_cryptography

You can send encrypted mails to people who do not have the program or a key but they would not be able to read them.
To be able to send encrypted e-mails to someone who should be able to read them, the recipient must have a key of their own. This is because when encrypting it for them you use their public key to encrypt the content, and the only ones able to decrypt it then will be people with access to their private key (hopefully only the intended recipient).
You can, however, always sign content (that is done with your key) and people without their own keys or programs will still be able to read the content. You and anyone with the program and with access to your public key will be able to verify that no one has tampered with the content and that it was created by someone using your private key (hopefully only known and used by you).

If a person has a key it would be safe to say that they would accept encrypted e-mails. If you cannot find a key for the person, then of course you should and could not send encrypted mails to them (at least not that they will be able to read).
There are specific keyservers where you can publish and retrieve keys for other people which is a popular way to retrieve keys. Note that you should preferably verify that the key actually belongs to the person by some other way before trusting it and there are ways to set up chains of trust but in general that is hard for more than closed groups at the moment.
One large keyserver is at http://pgp.mit.edu/ .

Postby zeitpfeil » Mon Mar 04, 2013 5:07 pm UTC

Wnderer wrote:How does PGP work? Can you send PGP encrypted emails only to people who have PGP decryption programs installed? If that is the case, how do you know if the people you want to send emails have PGP?

PGP uses an asymmetric cryptographic protocol, i.e. every user has both a private and a public key. For encryption, the sender uses the public key of the recipient to encrypt, and the recipient then uses his private key for decryption, so you can only send encrypted mail to people who already have a key pair. For signing, you encrypt a hash value of your message with your private key, and the recipient then can get your public key from a repository where it's published, decrypt the signature and compare with the hash value.
Details can be found here:
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
The bottom line is, you can only send encrypted mail to someone who has a published public key, but you can send signed mails to everyone, and if they so desire they can download your public key and check whether the signature is valid.

Edit: Ninja'd
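
The signing flow described in the two replies above (hash the message, transform the hash with the private key, check it with the public key), set against the comic's look-for-the-header check; this is an added example, not code from any poster in the thread. It uses textbook RSA on constructed toy keys and a simplified hex layout instead of real OpenPGP packets, and the names ALICE and MALLORY, the message body and all helper functions are hypothetical.

```python
import hashlib

HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"
E = 65537  # public exponent


def make_key(p, q):
    """Toy RSA key pair from two primes: ((n, e), (n, d)). Not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(body, n):
    """SHA-256 of the body as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n


def clearsign(body, private):
    """Wrap body in a simplified clearsigned layout (hex signature, no packets)."""
    n, d = private
    signature = pow(digest(body, n), d, n)  # hash transformed with the private key
    return "\n".join([HEADER, "Hash: SHA256", "", body,
                      SIG_BEGIN, "", format(signature, "x"), SIG_END])


def looks_signed(message):
    """The comic's check: header at the top, a signature block further down."""
    lines = message.strip().splitlines()
    return bool(lines) and lines[0] == HEADER and SIG_BEGIN in lines


def verify(message, public):
    """Recompute the body hash and compare it with the signature opened with
    the sender's public key. Any parse failure counts as not verified."""
    n, e = public
    lines = message.strip().splitlines()
    try:
        if lines[0] != HEADER or lines[-1] != SIG_END:
            return False
        body_start = lines.index("") + 1  # armor headers end at first blank line
        sig_start = len(lines) - 1 - lines[::-1].index(SIG_BEGIN)
        body = "\n".join(lines[body_start:sig_start])
        signature = int("".join(lines[sig_start + 1:-1]), 16)
    except (IndexError, ValueError):
        return False
    return 0 < signature < n and pow(signature, e, n) == digest(body, n)


# Constructed keys: Mersenne primes keep the example short, and the resulting
# moduli are trivially factorable. ALICE and MALLORY are hypothetical parties.
ALICE_PUB, ALICE_PRIV = make_key(2**127 - 1, 2**107 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**89 - 1, 2**61 - 1)

BODY = "Meet at noon.\nBring the laptop."  # constructed sample message


def demo():
    genuine = clearsign(BODY, ALICE_PRIV)
    cases = {
        "genuine": genuine,
        "tampered": genuine.replace("noon", "midnight"),
        "jumble": "\n".join([HEADER, "", BODY, SIG_BEGIN, "",
                             "deadbeef" * 6, SIG_END]),
        "other_key": clearsign(BODY, MALLORY_PRIV),
    }
    # Per case: (passes the comic's check, verifies against Alice's public key)
    return {name: (looks_signed(m), verify(m, ALICE_PUB))
            for name, m in cases.items()}


if __name__ == "__main__":
    for name, (looks, ok) in demo().items():
        print(f"{name:10} looks_signed={looks!s:5} verified={ok}")
```

All four messages pass the header check; only the unmodified message signed with Alice's key verifies, and the "other_key" case carries a perfectly valid signature that simply belongs to someone else.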

Postby TimXCampbell » Mon Mar 04, 2013 5:37 pm UTC

REDACTED
Last edited by TimXCampbell on Mon Mar 04, 2013 6:05 pm UTC, edited 2 times in total.

Postby Someguy945 » Mon Mar 04, 2013 5:43 pm UTC

NiteClerk wrote:PIN number for the ATM machine


You appear to have a case of http://en.wikipedia.org/wiki/RAS_syndrome

Postby Coyne » Mon Mar 04, 2013 5:46 pm UTC

According to the comic, this meets the criteria of a safe message:

----- BEGIN PGP SIGNED MESSAGE -----
This is my safe message.

Nittfagmtcttaotcoshioloeooohifhowemrlonmedeuedeinrtry.
In all fairness...

Postby o11c » Mon Mar 04, 2013 5:48 pm UTC

I was hoping there would finally be an actual explanation that would bother me to set it up.

Of course, for me, the main problem is that I still use a web-based mail instead of a local one.

Postby TimXCampbell » Mon Mar 04, 2013 5:59 pm UTC

alpha754293 wrote:Use a GPU-based WinZIP cracker? It's been said that it's a LOT faster at doing that task.

That'd be good, except I'm using an old steam-powered budget computer with graphics support on the motherboard: It's called ATI XPress 200 and it's really slow.

If you've got access to a Blue Gene or something like that, I'd gladly give you the file for cracking. :)

endolith wrote:Oh, is that why I can't crack these old zip files that I've forgotten the password to? WinZip had a special compression method?

Yes. To the best of my recollection it's called ZipCrypto Deflate. No other ZIP program uses that method, as far as I know.

Confusion wrote:To use PGP or GPG is not that hard for e-mail and I think you have started from the wrong way around. Start with looking at the plugins that exist for your mail client and then work from that.

A few years ago I sold my software company and shortly thereafter I finally stopped using SMTP and POP (with Pegasus) and simply switched to GMail, which (as you note) doesn't have PGP support. I wonder why they took that away?

Anyway, my health has deteriorated to the point where messing around with software config isn't as fun as it used to be, so I guess I'll just let others promote encryption. *SIGH* I look forward to the day when all inter-friend and company-client email we send is strongly encrypted, even if it's just to wish somebody happy birthday. I'm tired of people and programs reading my email in the name of “helpful” or “security.”

Postby SamSam » Mon Mar 04, 2013 6:58 pm UTC

Someguy945 wrote:
sardia wrote:Is there a joke I'm not getting? Time for google to tell me.


The method described in the comic is NOT sufficient to verify that an email is authentic.

However, in practice so few people use PGP that as soon as you see it, you know it's some crazy security-obsessed person and therefore legit. In other words, http://xkcd.com/1121/ all over again.



That is *not* the joke. The joke is that most people will assume that if it has "----- BEGIN PGP SIGNED MESSAGE -----" across the top, and a big block of random looking text at the bottom, most people will just assume it's legit and won't bother checking.

That's not sufficient at all, and the comic is making fun of the people who believe this.

It's like clicking on a bank's password reset link in an email, seeing the little VeriSign logo on the webpage, and just assuming it's fine to go ahead and punch in your password. It's like seeing "SCANNED BY NORTON ANTIVIRUS" on an email, and just assuming it's fine to download the attachment.
Last edited by SamSam on Mon Mar 04, 2013 7:17 pm UTC, edited 1 time in total.

Postby TimXCampbell » Mon Mar 04, 2013 7:09 pm UTC

President Obama is secretly controlled by invisible cows from Jupiter!

This message has been scanned by Norton Fact-Checker™ and has been rated 100% accurate.

Postby Jamaican Castle » Mon Mar 04, 2013 7:15 pm UTC

We know they're invisible because we can't see them.

Postby TimXCampbell » Mon Mar 04, 2013 7:44 pm UTC

Jamaican Castle wrote:We know they're invisible because we can't see them.

I wish this forum had a "Thumbs Up" button! :)

Postby Xantix » Mon Mar 04, 2013 7:49 pm UTC

And we know it's secret because... oh, wait

Postby villadelfia » Mon Mar 04, 2013 7:57 pm UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well at least I'm not the only one that actually uses PGP.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

Postby Fire Brns » Mon Mar 04, 2013 8:05 pm UTC

TimXCampbell wrote:President Obama is secretly controlled by invisible cows from Jupiter!

This message has been scanned by Norton Fact-Checker™ and has been rated 100% accurate.

I'm not sure if that is actually a Norton link or if sendori is redirecting me.
Pfhorrest wrote:As someone who is not easily offended, I don't really mind anything in this conversation.
Mighty Jalapeno wrote:It was the Renaissance. Everyone was Italian.

