Talk:1181: PGP

Explain xkcd: It's 'cause you're dumb.
(Difference between revisions)
Jump to: navigation, search
m (Do not separate my signature from my comment)
Line 7: Line 7:
  
 
With public key systems like PGP you need the public key of the other person to verify the authenticity of the message. Most people do not use PGP or do not know how it works or are just lazy. Some of those are convinced enough just by the outer looks of a signed email: The starting block and the jumbled chars at the end. It is like being impressed by a signature per se in real life without knowing what the one of the person you write to looks like. I think the allusion to pretty good is coincidental. Sebastian --[[Special:Contributions/178.26.118.249|178.26.118.249]] 08:11, 4 March 2013 (UTC)
 
With public key systems like PGP you need the public key of the other person to verify the authenticity of the message. Most people do not use PGP or do not know how it works or are just lazy. Some of those are convinced enough just by the outer looks of a signed email: The starting block and the jumbled chars at the end. It is like being impressed by a signature per se in real life without knowing what the one of the person you write to looks like. I think the allusion to pretty good is coincidental. Sebastian --[[Special:Contributions/178.26.118.249|178.26.118.249]] 08:11, 4 March 2013 (UTC)
 +
 +
:Email client is supposed to automatically check the signature and report it's validity in a way which can't be counterfeited. Few if any do. On the other hand, how much do you really want to need the email is signed? Unless it's asking for password or something, which would be suspicious anyway ... (and in that case, you should reply by ENCRYPTED email. By definition, email encrypted with public key of someone you trust posted to attacker should be useless to him).
 +
:Personally, I don't PGP sign my emails because noone I'm regularly writting to would be able to verify the signature. -- [[User:Hkmaly|Hkmaly]] ([[User talk:Hkmaly|talk]]) 09:27, 4 March 2013 (UTC)
  
 
There is an interesting comparison to do with regular handwritten signature, as this is exactly how people check the authenticity of a handwritten signed document: check for a signature. If there is one, and if there is, even if you never saw a sample of that signature, trust it. However, as with cryptographic signature with an unknown key, this does rely one something: the fact that it is forbidden, and punishable, to counterfeit one's signature, even if it is badly done (as in: write a random signature, hoping that the recipient does not know the real signature of the alleged author). -- [[User:Elessar|Elessar]] ([[User talk:Elessar|talk]]) 09:02, 4 March 2013 (UTC)
 
There is an interesting comparison to do with regular handwritten signature, as this is exactly how people check the authenticity of a handwritten signed document: check for a signature. If there is one, and if there is, even if you never saw a sample of that signature, trust it. However, as with cryptographic signature with an unknown key, this does rely one something: the fact that it is forbidden, and punishable, to counterfeit one's signature, even if it is badly done (as in: write a random signature, hoping that the recipient does not know the real signature of the alleged author). -- [[User:Elessar|Elessar]] ([[User talk:Elessar|talk]]) 09:02, 4 March 2013 (UTC)

Revision as of 09:27, 4 March 2013

I don't really understand what's funny about this comic. 76.106.251.87 05:53, 4 March 2013 (UTC)

Perhaps the fact that an email is encrypted (or pretends to be) at all? Most emails aren't encrypted, or none of the ones I send or get are. :D 59.10.72.121 06:28, 4 March 2013 (UTC)

I think merely the fact that PGP is in the email itself suggests the sender of the email is probably just a big nerd and therefore can be trusted. 153.90.91.1 (talk) (please sign your comments with ~~~~)

Isn't it that those markers could very simply just have been typed in, rather than being part of the decryption system? DonGoat (talk) 07:41, 4 March 2013 (UTC)

With public key systems like PGP you need the public key of the other person to verify the authenticity of the message. Most people do not use PGP or do not know how it works or are just lazy. Some of those are convinced enough just by the outer looks of a signed email: The starting block and the jumbled chars at the end. It is like being impressed by a signature per se in real life without knowing what the one of the person you write to looks like. I think the allusion to pretty good is coincidental. Sebastian --178.26.118.249 08:11, 4 March 2013 (UTC)

Email client is supposed to automatically check the signature and report it's validity in a way which can't be counterfeited. Few if any do. On the other hand, how much do you really want to need the email is signed? Unless it's asking for password or something, which would be suspicious anyway ... (and in that case, you should reply by ENCRYPTED email. By definition, email encrypted with public key of someone you trust posted to attacker should be useless to him).
Personally, I don't PGP sign my emails because noone I'm regularly writting to would be able to verify the signature. -- Hkmaly (talk) 09:27, 4 March 2013 (UTC)

There is an interesting comparison to do with regular handwritten signature, as this is exactly how people check the authenticity of a handwritten signed document: check for a signature. If there is one, and if there is, even if you never saw a sample of that signature, trust it. However, as with cryptographic signature with an unknown key, this does rely one something: the fact that it is forbidden, and punishable, to counterfeit one's signature, even if it is badly done (as in: write a random signature, hoping that the recipient does not know the real signature of the alleged author). -- Elessar (talk) 09:02, 4 March 2013 (UTC)

Personal tools
Namespaces

Variants
Actions
Navigation
Tools

It seems you are using noscript, which is stopping our project wonderful ads from working. Explain xkcd uses ads to pay for bandwidth, and we manually approve all our advertisers, and our ads are restricted to unobtrusive images and slow animated GIFs. If you found this site helpful, please consider whitelisting us.

Want to advertise with us, or donate to us with Paypal or Bitcoin?