Re: Recommended key size for life long key
I just use 4096 bit because that is the biggest size my OpenPGP Cards can handle. In my opinion using a smart card instead of online keys increases security far more than strange large key sizes! I also see no point using less than 4096 because modern hardware is fast enough. Maybe my keys last longer that way.

On 01.09.2013 02:43, Robert J. Hansen r...@sixdemonbag.org wrote:

> On 08/31/2013 05:46 AM, Ole Tange wrote:
>> The FAQ http://www.gnupg.org/faq/GnuPG-FAQ.html#what-is-the-recommended-key-size recommends a key size of 1024 bits. Reading http://www.keylength.com/en/4/ I am puzzled why GnuPG recommends that.
>
> It shouldn't; NIST recommends 2048 bits for 20 years of security. NIST notably makes no recommendations past 20 years, as they are deeply skeptical of their ability to forecast out that far. I suspect your ability is no greater than theirs is, so I'd be very careful about declaring a 10K key to be greater than your natural lifespan.
>
> Per NIST, a 2048-bit key is of comparable difficulty to breaking 3DES. Given the tremendous level of confidence people have in the long-term suitability of 3DES, I am convinced a 2048-bit key will outlast my ability to remember the passphrase to it.
Re: Recommended key size for life long key
On Sun, Sep 1, 2013 at 12:12 PM, Josef Schneider jo...@netpage.dk wrote:

> I just use 4096 bit because that is the biggest size my OpenPGP Cards can handle. In my opinion using a smart card instead of online keys increases security far more than strange large key sizes! I also see no point using less than 4096 because modern hardware is fast enough. Maybe my keys last longer that way.

One of the problems that this kind of discussion highlights is that moving to new keys is a real pest. People keep keys long after they really should and are reluctant to change keys because getting a given key certified and trusted is a pain - even with the web of trust.

In a more ideal world, no one would want a key to last longer than a few years, and replacing keys at regular intervals would be the norm.
Re: Recommended key size for life long key
On Sun, Sep 01, 2013 at 01:18:12PM +0100, Nicholas Cole wrote:

> On Sun, Sep 1, 2013 at 12:12 PM, Josef Schneider jo...@netpage.dk wrote:
>> I just use 4096 bit because that is the biggest size my OpenPGP Cards can handle. In my opinion using a smart card instead of online keys increases security far more than strange large key sizes! I also see no point using less than 4096 because modern hardware is fast enough. Maybe my keys last longer that way.
>
> One of the problems that this kind of discussion highlights is that moving to new keys is a real pest. People keep keys long after they really should and are reluctant to change keys because getting a given key certified and trusted is a pain - even with the web of trust.
>
> In a more ideal world, no one would want a key to last longer than a few years, and replacing keys at regular intervals would be the norm.

I carried a 1024 bit key for 5 years (2004-2009). For me it was easy to change over to a newer size in 2009 because I had never been able to get my key signed. The next set made use of sub keys, in hopes of getting them signed in future, and just using bigger/better sub keys as the need arose. Alas, 5 years later I have still not found any other gpg users, so no signatures.

Wolf
Re: Recommended key size for life long key
On 09/01/2013 02:45 PM, Johan Wevers wrote:

> Why? What's the advantage of that? I replace keys after they have a chance of being compromised, but not before. Same for my mail domain - I created a ssh certificate that is valid for 50 years (unlimited was not an option) and I'll replace it when I fear intrusions or crypto breakthroughs make it unsecure. Not before.

The longer a key is in use the greater the chance of compromise. Just because you believe it has not been compromised doesn't make it so. By regenerating keys every so often you drastically lessen the chances of a key being compromised or of a possible compromise having as much effect on you. There is a reason things like IPSEC keys are renegotiated after so many minutes or after so many bytes are transmitted. :)

--
Larry Brower, CCNA
Fedora Ambassador - North America
Fedora Quality Assurance
lbro...@fedoraproject.org
http://www.fedoraproject.org/
Re: Recommended key size for life long key
On 1-9-2013 14:18, Nicholas Cole wrote:

> In a more ideal world, no one would want a key to last longer than a few years, and replacing keys at regular intervals would be the norm.

Why? What's the advantage of that? I replace keys after they have a chance of being compromised, but not before. Same for my mail domain - I created a ssh certificate that is valid for 50 years (unlimited was not an option) and I'll replace it when I fear intrusions or crypto breakthroughs make it unsecure. Not before.

Your advice makes me think of company password policies where you have to change it every month, leading to passwordprefix01, passwordprefix02, ..., passwordprefix12. Complete waste of effort.

--
Met vriendelijke groet / With kind regards,
Johan Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Can I revitalise an old key-pair?
I'm returning to GPG, and Enigmail, and not for the first time. This means that I have earlier generated key-pairs and uploaded them to servers like keys.pgp.net or something like that. I did this first time in 1999 and have done several new attempts later, and now have seven key-pairs on the server. Latest I have generated a key-pair in 2011.

Unfortunately, every time my use of GPG fades out, because none of my contacts really join in. And it's not much fun exchanging signed and encrypted mails with myself :-) This time, with all the media on governments peeping into people's private mails, I think I have a better chance to get many of my friends to jump on board.

My problem: Instead of generating yet another key-pair, how do I revitalise one of my existing key-pairs. This said, I have only what I can download from a key-server, and I do in fact remember the password, for some of them.

Does the key-server have all the information I need to re-use an existing key-pair (provided I remember the password)? Or do I need to get one of my old computers up and running, hoping to find some sort of key file there.

If you can point to any online material, tutorial or the likes, that do not start with 'Generate a key-pair' then I would appreciate that a lot... :-)

Best regards
Martin Hvidberg
Latest fingerprint: D3DA 61B7 610C E8A1 75C7 1DA1 0B24 7DB3 4AF0 1B83
Re: Can I revitalise an old key-pair?
On Sun, Sep 1, 2013 at 2:57 PM, MartinHvidberg mar...@hvidberg.net wrote:

> I'm returning to GPG, and Enigmail, and not for the first time. This means that I have earlier generated key-pairs and uploaded them to servers like keys.pgp.net or something like that. I did this first time in 1999 and have done several new attempts later, and now have seven key-pairs on the server. Latest I have generated a key-pair in 2011.

While it can be tempting to use particularly old keys (such as those made in 1999), the maximum length at the time (1024-bit DSA keys) makes them borderline too-short for modern usage. Even if you regain access to your 1999-era secret key, you should probably consider transitioning to a new, stronger keypair. See http://www.debian-administration.org/users/dkg/weblog/48 for some useful information on the subject.

> My problem: Instead of generating yet another key-pair, how do I revitalise one of my existing key-pairs. This said, I have only what I can download from a key-server, and I do in fact remember the password, for some of them.

The keyservers only store the public part of your key. This is not sufficient to derive the secret key (if it was, that'd be a Bad Thing). If you do not have your secret key that corresponds to the public key you wish to, as you say, revitalize, then there's nothing you can do except create a new keypair. That, or develop some major advancements in the field of mathematics that would allow you to derive the secret key from the public key (which would break the whole system, rendering the exercise moot).

> Does the key-server have all the information I need to re-use an existing key-pair (provided I remember the password)?

Unfortunately not.

> Or do I need to get one of my old computers up and running, hoping to find some sort of key file there.

If you go through your old systems and are able to find the relevant secret key files or the GPG/PGP keyring files, then you can continue using that keypair. If you cannot find the secret key, you'll need to create a new keypair. :/

> If you can point to any online material, tutorial or the likes, that do not start with 'Generate a key-pair' then I would appreciate that a lot... :-)

I suppose the only step that'd come before that would be to find your secret key. If you can't do that, you're sort of hosed. :)
Re: Can I revitalise an old key-pair?
On 01-09-2013 23:15, Pete Stephenson wrote:

> While it can be tempting to use particularly old keys (such as those made in 1999), the maximum length at the time (1024-bit DSA keys)

PGP 2.6 existed already in that time, with a maximum keysize of 2048 bit RSA. Those were v3 keys but still perfectly usable.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Can I revitalise an old key-pair?
Pete Stephenson wrote:

> On Sun, Sep 1, 2013 at 2:57 PM, MartinHvidberg mar...@hvidberg.net wrote:
>> Or do I need to get one of my old computers up and running, hoping to find some sort of key file there.
>
> If you go through your old systems and are able to find the relevant secret key files or the GPG/PGP keyring files, then you can continue using that keypair. If you cannot find the secret key, you'll need to create a new keypair. :/

On *nix and similar systems (MacOSX, Cygwin) GnuPG stores keyring files in ~/.gnupg (~ = your login directory: /home/username or /Users/username)

On Windows XP and older, keyring files were stored in
drive:\Documents and Settings\username\Application Data\Gnupg

Windows Vista and newer versions use
drive:\Users\username\AppData\Roaming\gnupg

You'll want the contents for all of the directories you can find. A tool such as the linux-based SystemRescueCD [http://www.sysresccd.org/ ] makes this task somewhat easier.

You should be able to use the newest set of keyring files directly. The keys in the older keyring files may be imported later.

--
John P. Clizbe  Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net or
mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:Just how do the residents of Haiku, Hawai'i hold conversations?
A:An odd melody / island voices on the winds / surplus of vowels
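The two replies above say that a keyserver copy holds only the public part of a key and that only a keyring file recovered from an old machine can carry the secret part. The Python below is an added example, not part of the thread and not GnuPG code: it reads the OpenPGP packet headers (RFC 4880) of a binary key file and reports each key packet's kind, version, algorithm, size and creation year. The function names and the two sample packets are assumptions made for illustration; the samples are constructed and contain filler bytes instead of key material.

```python
import io
from datetime import datetime, timezone

# Key-bearing packet tags (RFC 4880, section 4.3); True marks secret material.
KEY_TAGS = {5: ("secret-key", True), 6: ("public-key", False),
            7: ("secret-subkey", True), 14: ("public-subkey", False)}
ALGOS = {1: "RSA", 16: "ElGamal", 17: "DSA"}

def read_packets(data):
    """Yield (tag, body) for each packet in binary (non-armored) OpenPGP data."""
    buf = io.BytesIO(data)
    while (head := buf.read(1)):
        ctb = head[0]
        if not ctb & 0x80:
            raise ValueError("not binary OpenPGP data (ASCII-armored or corrupt)")
        if ctb & 0x40:                      # new-format header
            tag, first = ctb & 0x3F, buf.read(1)[0]
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + buf.read(1)[0] + 192
            elif first == 255:
                length = int.from_bytes(buf.read(4), "big")
            else:
                raise ValueError("partial body lengths are not handled")
        else:                               # old-format header (PGP 2.x, GnuPG 1.x)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled")
            length = int.from_bytes(buf.read((1, 2, 4)[ltype]), "big")
        body = buf.read(length)
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body

def inventory(data):
    """Describe every v3/v4 key packet found in the data."""
    found = []
    for tag, body in read_packets(data):
        if tag not in KEY_TAGS or len(body) < 10 or body[0] not in (3, 4):
            continue
        kind, secret = KEY_TAGS[tag]
        off = 7 if body[0] == 3 else 5      # v3 keys carry a 2-byte validity field
        created = int.from_bytes(body[1:5], "big")
        found.append({"kind": kind, "secret": secret, "version": body[0],
                      "algo": ALGOS.get(body[off], "algo-%d" % body[off]),
                      # bit count of the first MPI: RSA modulus n, DSA/ElGamal prime p
                      "bits": int.from_bytes(body[off + 1:off + 3], "big"),
                      "year": datetime.fromtimestamp(created, timezone.utc).year})
    return found

def has_secret_key(data):
    """True only if the data holds a secret key or secret subkey packet."""
    return any(key["secret"] for key in inventory(data))

def constructed_packet(tag, version, year, algo, bits):
    """Constructed sample: real header layout, filler instead of key material."""
    created = int(datetime(year, 6, 1, tzinfo=timezone.utc).timestamp())
    body = bytes([version]) + created.to_bytes(4, "big")
    body += (b"\x00\x00" if version == 3 else b"") + bytes([algo])
    body += bits.to_bytes(2, "big") + b"\x80" + bytes(bits // 8 - 1)
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

KEYSERVER_COPY = constructed_packet(6, 4, 1999, 17, 1024)  # public part only
OLD_DISK_COPY = constructed_packet(5, 3, 1999, 1, 2048)    # as in an old secret keyring
```

To inspect a recovered file, pass its raw bytes to `inventory`; ASCII-armored exports need `gpg --dearmor` first.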
Re: Can I revitalise an old key-pair?
On Sun, Sep 01, 2013 at 05:57:57AM -0700, MartinHvidberg wrote:

> I'm returning to GPG, and Enigmail, and not for the first time. This means that I have earlier generated key-pairs and uploaded them to servers like keys.pgp.net or something like that. I did this first time in 1999 and have done several new attempts later, and now have seven key-pairs on the server. Latest I have generated a key-pair in 2011.
>
> Unfortunately, every time my use of GPG fades out, because none of my contacts really join in. And it's not much fun exchanging signed and encrypted mails with myself :-) This time, with all the media on governments peeping into people's private mails, I think I have a better chance to get many of my friends to jump on board.
>
> My problem: Instead of generating yet another key-pair, how do I revitalise one of my existing key-pairs. This said, I have only what I can download from a key-server, and I do in fact remember the password, for some of them.
>
> Does the key-server have all the information I need to re-use an existing key-pair (provided I remember the password)? Or do I need to get one of my old computers up and running, hoping to find some sort of key file there.
>
> If you can point to any online material, tutorial or the likes, that do not start with 'Generate a key-pair' then I would appreciate that a lot... :-)
>
> Best regards
> Martin Hvidberg
> Latest fingerprint: D3DA 61B7 610C E8A1 75C7 1DA1 0B24 7DB3 4AF0 1B83

Cheers Martin.

You will have to find your old keys on one of your machines. Otherwise make a new pair.

Hint: if you make a new pair, make a revoke cert for it, but saved in a safe place. So you can revoke it if you lose the secret key/passphrase.

And for more paranoid leaning about key stubs (secret key without main key, just the sub keys)
http://tjl73.altervista.org/secure_keygen/keygen_frame_en.html

Wolf
Re: Can I revitalise an old key-pair?
On 09/01/2013 09:15 PM, Pete Stephenson wrote:

> On Sun, Sep 1, 2013 at 2:57 PM, MartinHvidberg mar...@hvidberg.net wrote:
>> I'm returning to GPG, and Enigmail, and not for the first time. This means that I have earlier generated key-pairs and uploaded them to servers like keys.pgp.net or something like that. I did this first time in 1999 and have done several new attempts later, and now have seven key-pairs on the server. Latest I have generated a key-pair in 2011.
>
> While it can be tempting to use particularly old keys (such as those made in 1999), the maximum length at the time (1024-bit DSA keys) makes them borderline too-short for modern usage. Even if you regain access to your 1999-era secret key, you should probably consider transitioning to a new, stronger keypair. See http://www.debian-administration.org/users/dkg/weblog/48 for some useful information on the subject.

Pete, it is not your advice which I agree with whole-heartedly but Debian's choice of order for their digests and to a certain extent their symmetric ciphers where they made the unwarranted assumption that bigger is better and biggest is best. Remember the person on the other side may NOT have your latest and greatest umpteen-core machine. Taking those people into account this may be a better choice (and is NOT what I use but is close):

    setpref SHA256 SHA512 SHA384 SHA224

Actually I have SHA1 as the option before SHA384 and don't have SHA224 due to some statements that lead me to believe it could cause problems. Maybe there wouldn't be problems. But what if SHA1 is all they can do? Okay, you can do it but I don't like it. But SHA1 is better than nothing especially if it is for just a one-off message. The reason why is if you pick SHA512 first, while more secure (unless the argument that they are all vulnerable to the same attack since they are all the same family) your detached signatures will be awfully large. SHA384 and SHA224 may have limited or no support.

Paradoxically, AES256 AES192 had weaknesses that made them less safe than AES (AES-128) several years back. May I humbly suggest TWOFISH or one of the CAMELLIA ciphers as a first choice UNTIL you determine whether or not the fixes for AES-256 and AES-192 are retroactive? DID THEY GET THEM FIXED? I am just assuming they did but that means I HOPE the older implementation and the newer one can easily be discerned when you do the decipher. If that can not be done then you would have needed to decipher the old style AES-256 before the change happened and will be hosed if time rolls on and that was not done.

CAST5 is a good last choice because some of the time that is all others can handle. Make sure CAST5 is always a last or next to last choice because that may be all that they can do with a limited horsepower box. You may even want 3DES as a last option for those that got stuck there for some reason. IDEA? Your call. I assume everybody can handle CAST5.

http://www.securemecca.com/public/GnuPG/GnuPG_Prefs.txt

Compression? The symmetric ciphers seem to always have better compression than either zlib (gzip) or zip. They are on par with either bzip2 or 7-zip (7-zip is not available in OpenPGP). I would just use and do use Uncompressed.

Even if the original writer can dig up their old keys (the key-servers have only the public side), do they remember their pass-phrase? I know others will disagree with me on this but that is why I say you should have (unless you work for Amnesty International, a government attache, high levels of a company with confidential data, etcetera):

1. Keys created with a time to expire. I know my 10 year lifetime is ambitious and they will probably have to be revoked before then. But keys with no expire dates are just crazy. If for no other reason a reasonable time-span (10 years is really stretching it) allows people to walk away and their old keys on the key servers will gracefully and mercifully expire. What happens if you got struck by a Peterbilt and were killed? But even if you didn't get killed you can NOT use them forever. Time marches on and what was good 10+ years ago (3DES) is no match for modern CPU power. Actually all those top-secret places should be creating keys that expire as well. Keys that last forever are an impossible hope.

2. A revoke file created with --gen-revoke redirected to a file and then the file enciphered. See number 4.

3. The pass-phrase written down on a sheet of paper and stored in a safe place. Remember this is advice for normal people. Did I do this with mine? No, but that is because I use them almost every day. Store this in a DIFFERENT LOCATION than where the backup of the keys and the backup of revoke are stored (see next). Ditto for the passwords of the zips. Store them with the pass-phrase, NOT with the zips. But be sure to store both where you can get them later.

4. If possible, the backup of the keys themselves in an enciphered file, along with the enciphered revoke all
Re: Can I revitalise an old key-pair?
Hello MartinHvidberg !

MartinHvidberg mar...@hvidberg.net wrote:

> My problem: Instead of generating yet another key-pair, how do I revitalise one of my existing key-pairs. This said, I have only what I can download from a key-server, and I do in fact remember the password, for some of them.
>
> Does the key-server have all the information I need to re-use an existing key-pair (provided I remember the password)?

The keyserver holds only your public key; obviously you need the secret key at home.

What you should do in my opinion, is recover all the old key pairs you are able to get (with the passphrase), and revoke them but keep them (for the case you still get a message encrypted with one of those so you can read it anyway), and send them to the servers.

You can choose one existing key pair (or create a new one), with a signing (main) key allowing use of most recent signing algorithms (with a 1024 signing key you'll reach RIPEMD160 as a maximum Digest-Algo)

And create subkeys from time to time, depending on the risk (keyloggers if you are using non safe PC, USB stealing), and uploading to servers.

--
Laurent Jumet KeyID: 0xCFAF704C