CAST5

On 06/17/2012 11:56 AM, Sam Smith wrote:
> Curious as to why the encryption standard AES is not used to encrypt
> secret keys for GPG?

Because GnuPG predates AES. When GnuPG 1.0 came out AES has yet to be
invented. CAST5-128 was the choice back then, and nobody’s changed it
yet — at least partially because it doesn’t need to be changed: there
are no known attacks on CAST5-128.

> Do people generally change the cipher to AES when generating their
> secret key?

This is impossible to answer definitively, because nobody has a
perspective on what the whole of the GnuPG community is doing with our
gpg.conf files. That said, I think you will find only a minority of
users do this. I don’t, and I’ve never heard any of my correspondents
say that they do.

Package integrity

lists all the known and accepted keys in YUM
rpm -qa gpg-pubkey*
gives you more details about a particular key
rpm -qi gpg-pubkey-xxxxxxx-xxxxxxx | grep Summary
so if you don’t know it or don’t like it just phase it out:
rpm -e gpg-pubkey-xxxxxxx-xxxxxxx

Veryfying any software package with GnuPG and signature file
Downloading the public key of the person that has signed the package and verification
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x00000000000
gpg --fingerprint 0x00000000000

Check on the website where the person publishes its gpg fingerprint and compare.
gpg --verify signature-file.asc software-package.tar.xz
You should get “Good signature” if correct

GPG reminder:
gpg --list-keys
gpg --keyserver hkp://pgp.mit.edu --search-keys [name]
gpg --delete-key

Privacy in Linux

To be honest after a while I have noticed these repositories on my system:
adobe-linux-x86_64.repo
dropbox.repo
google-chrome.repo
google-talkplugin.repo
Doesn’t it look like a bunch of well known corporations?
I have added them myself while trying to achieve some other tasks.
I have removed them.

The other thing I want to get rid of is Adobe Flash Player, Skype and TeamViewer.
Skype and TeamViewer is already gone. You can replace heavy Skype with Google Hangout (I am not saying that it is more secure, but at least executes itself from the browser as plugin not as another application).
Finally Adobe Flash Plugin can be replaced with gnash and lightspark.

The other repositories I am concerned of is RPMFUSION that gives you a lot of stuff, but who knows what non-free software do they distribute. After reading this article we can believe that their genuine intentions are long lasting. I wish them all the best then.

The last corporation thing that stays with me is Dropbox.

Company is limited

My office manager is a non-technical lady.
We are very short of technical people, but because she cannot do any technical stuff she still have time writing long emails to me that the client is chasing up, is unhappy a 10 other things, so I even waste more time reading her emails.