gnupg clearsigning question
vedaal at hush.com
vedaal at hush.com
Thu Dec 28 16:14:53 CET 2006
>Message: 6
>Date: Thu, 28 Dec 2006 00:30:43 -0500
>From: David Shaw <dshaw at jabberwocky.com>
>Subject: Re: gnupg clearsigning question
>DSA signatures contain random data, so even if you hacked around
>the
>timestamp problem, the signature would not match. RSA signatures
>do
>not contain random data.
Thanks!
this might be very useful,
and work out better without any special features
> why on earth would you want to construct such a
>massively convoluted way,
>involving hacking around the clock on your computer
the issue is the 'keyfile'
keyfiles are problematic, in that they have to be stored
'somewhere',
and if an attacker gets the storage media where it is stored,
then measures must be taken to prevent recovery of the keyfile by
the attacker
there are four general ways to do this:
(1) the simplest:
just encrypt the keyfile, and decrypt it when necessary
(the problem is that this calls attention to itself, by having an
encrypted file present, and authorities can demand the key, or the
session key, and recover the file)
(2) the most secure, (but most tedious):
have a folder of 7776 small textfiles, each having a diceware word
as one of the filenames,
and select a group of keyfiles the same way that a diceware
passphrase is selected
(the problem here is, that truecrypt keyfile selection does not
behave like word selection in a passphrase,
since the order of selection of keyfiles is not important,
and a keyfile cannot be used more than once,
so, while a passphrase of 'r' diceware words has a complexity of
7776^r,
a similarlry constructed selection of keyfiles,
has a complexity of only (7776 C r) = [(7776!) / (r!)([7776-r]!) ]
(btw, anyone want to provide a table of how many more keyfiles are
necessary for equivalent complexity?
i.e. to achieve a complexity of a 6, 10, or 20 diceware word
passphrase, how many diceware keyfiles would be necessary?)
(3)the gnupg signing way,
ideal, in that the keyfile is not present anywhere,
and cannot be constructed by anyone without the secret key,
and even if that is given up, the exact correct time needs to be
used
(4) the workaround i use now, (i think it's reasonably ok,
[electron microscopy file recovery is not in my threat model ;-)],
but i invite comments/criticism/suggestions):
create a textfile by copying a selected part of the gnupg manpage,
(present on the usb drive together with a gpg2go setup)
and then typing in a diceware passphrase on a separate line,
and using the resultant textfile as the keyfile,
and wiping it after use
tia,
vedaal
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
More information about the Gnupg-users
mailing list