Comment on [deleted]
MidnightMan@lemmy.world 1 week agoA Matrix server is one of the applications that I’m running, but I don’t let any random Joe into my place of work. Manually PGP’ed messages over email is perfectly viable for first contact.
Comment on [deleted]
MidnightMan@lemmy.world 1 week agoA Matrix server is one of the applications that I’m running, but I don’t let any random Joe into my place of work. Manually PGP’ed messages over email is perfectly viable for first contact.
horse_battery_staple@lemmy.world 1 week ago
The PGP key has to be shared plaintext… that makes it useless as anyone can sign it after that. Again email is the worst way to do this.
If you cannot host a secured and sandboxed Matrix server, I personally do not trust your security hygiene.
JD Vance was Peter Thiel’s best little buddy and he’s running Palintir.
DO NOT USE EMAIL FOR THIS.
CrayonRosary@lemmy.world 1 week ago
You need the private key to sign anything. The public key is only for encrypting outgoing emails which only the person with the private key can decrypt.
People have been using PGP over email for literally decades. You do not know what you’re talking about.
horse_battery_staple@lemmy.world 1 week ago
blog.mobilehelix.com/…/secure-email-is-cracked-ef…
CrayonRosary@lemmy.world 1 week ago
Did you even read that article? It has nothing to do with what I said. I pointed out that you don’t understand how public key encryption works, and you replied with an article about an exploit that does not refute what I said. An exploit that can be avoided by simply not clicking “load images”. An exploit that has probably been fixed in a client like Thunderbird anytime over the past six years.
I don’t know why I’m wasting my time with you. You can’t even argue in good faith.
hendrik@palaver.p3x.de 1 week ago
Nice attack. But does this have any real-world consequences? I mean the attacker is decrypting their own email here, as far as I understand. This shouldn't be possible. But it doesn't really do harm, does it? I mean they wrote that text themselves, so they already know what's in there?!
lordnikon@lemmy.world 1 week ago
This is so wrong you don’t share anything with PGP you never share a private key with anyone and you can shared your public key with anyone it’s useless without the private key.
horse_battery_staple@lemmy.world 1 week ago
You can verify that I have your public key. Great, I still have no way to verify you. You’re a 22 hour old account spamming DMs asking to move to a less secure platform. It’s not the way this is done.
lordnikon@lemmy.world 1 week ago
Yes you can as bitch about the spam all day long but if you are going to, be correct about the technology you are talking
Also you can so verify them via their public key. Pgp has the ability to sign plain text documents but not encrypt for just that reason.
MidnightMan@lemmy.world 1 week ago
Fuck. I thought I was paranoid.
At every step of the way, you’ve managed to speculate and assume that I’m using the worst security practices possible. Stop.