IRC Log from 2015-03-05

00:16:48 *** badon_ (~badon@pdpc/supporter/active/badon) has joined #portableapps
00:16:48 *** badon has quit (Disconnected by services)
00:16:53 *** badon_ is now known as badon
02:20:59 *** Sui_dorimu (~wdwrwf@wikipedia/Antonio-Lopez) has joined #portableapps
02:21:23 *** Venusaur has quit (Ping timeout: 250 seconds)
02:21:28 *** Sui_dorimu is now known as Venusaur
03:57:46 *** AlleyKat has quit (Read error: Connection reset by peer)
04:13:17 *** rbrt13 (~erroneum@108-195-242-51.lightspeed.livnmi.sbcglobal.net) has joined #portableapps
04:23:03 <rbrt13> hello everyone
04:50:48 *** meb (~meb@63-155-107-78.chyn.qwest.net) has joined #portableapps
05:06:59 *** meb has quit (Quit: Leaving)
06:41:52 *** rbrt13 has quit (Quit: Leaving.)
08:39:52 *** meb (~meb@63-155-107-78.chyn.qwest.net) has joined #portableapps
09:00:01 *** badon_ (~badon@pdpc/supporter/active/badon) has joined #portableapps
09:00:01 *** badon has quit (Disconnected by services)
09:00:10 *** badon_ is now known as badon
09:08:52 *** meb has quit (Quit: Leaving)
10:36:46 *** tErik (~tErik@unaffiliated/terik) has joined #portableapps
10:38:43 <tErik> Hi, a request: if possible, please make a portale extension of "WebPG", and also a portable extension for portable GPG (classic 1.4.18 gpg).
10:40:39 <tErik> by the way, classic gpg 1.4.18 can use files from vanilla GPG4win files, and can work with HKPS protocols. if you want, i can post a note in my gist in github, on how to.
10:47:40 <tErik> MD5 and SHA1 are not secure. Please show SHA-256 hash/checksum code. And please use HTTPS site. a fair strength ssl-cert is $9 or less /per yr. declare ssl-cert's der/hash code in TLSA/DANE dns record, then sign your domain with DNSSEC, upload "DS" dns codes into your domain registry or into ISC-DLV site. Then users who use "DNSSEC-Validator" extension in web-browser can view your site very securely. large file should be delivered over a HTTP
10:47:41 <tErik> non-encrypted + faster conneciton, and SHA256 for portable apps should be shown over a HTTPS encrypted webpage, and used-SSL/TLS cer need to be verified with DANE + DNSSEC.
10:55:24 <tErik> http://www.infosecurity-magazine.com/news/sha-1-crypto-protocol-cracked-using-amazon-cloud/ published Nov 2010.
11:07:14 <tErik> A single core pentium4 2.6ghz in 2007 has broken md5 http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf
11:08:44 <tErik> it takes less than a second to break MD5 in current regular computers.
13:10:51 <OliverK> tErik, post it on the forums
13:10:55 <OliverK> also
13:11:16 <OliverK> md5 is not for encryption on the site, it is for verification of an untampered download
13:11:17 <OliverK> also
13:11:21 <OliverK> crc checks are enabled
13:11:54 <OliverK> on the installers, so you have two levels of verification
13:12:34 <OliverK> you seem to be the odd one that actually cares about that shit (besides maybe me) so yeah .... snowball's chance bud
13:12:41 <OliverK> Night All
13:51:56 <tErik> msg received, thanks for at-least readin it.
20:19:22 *** AlleyKat (~Miranda@87-58-89-59-dynamic.dk.customer.tdc.net) has joined #portableapps
23:54:14 *** rbrt13 (~erroneum@108-195-242-51.lightspeed.livnmi.sbcglobal.net) has joined #portableapps
23:54:48 <rbrt13> hello everyone