>Message: 6
>Date: Thu, 28 Dec 2006 00:30:43 -0500
>From: David Shaw <[EMAIL PROTECTED]>
>Subject: Re: gnupg clearsigning question

>DSA signatures contain random data, so even if you hacked around the
>timestamp problem, the signature would not match. RSA signatures do
>not contain random data.

Thanks!
this might be very useful, and work out better without any special features

> why on earth would you want to construct such a massively convoluted way,
>involving hacking around the clock on your computer

the issue is the 'keyfile'

keyfiles are problematic, in that they have to be stored 'somewhere', and if an attacker gets the storage media where it is stored, then measures must be taken to prevent recovery of the keyfile by the attacker

there are four general ways to do this:

(1) the simplest: just encrypt the keyfile, and decrypt it when necessary
(the problem is that this calls attention to itself, by having an encrypted file present, and authorities can demand the key, or the session key, and recover the file)

(2) the most secure, (but most tedious): have a folder of 7776 small textfiles, each having a diceware word as one of the filenames, and select a group of keyfiles the same way that a diceware passphrase is selected
(the problem here is, that truecrypt keyfile selection does not behave like word selection in a passphrase, since the order of selection of keyfiles is not important, and a keyfile cannot be used more than once, so, while a passphrase of 'r' diceware words has a complexity of 7776^r, a similarly constructed selection of keyfiles has a complexity of only (7776 C r) = [(7776!) / (r!)([7776-r]!)])

(btw, anyone want to provide a table of how many more keyfiles are necessary for equivalent complexity? i.e. to achieve a complexity of a 6, 10, or 20 diceware word passphrase, how many diceware keyfiles would be necessary?)

(3) the gnupg signing way, ideal, in that the keyfile is not present anywhere, and cannot be constructed by anyone without the secret key, and even if that is given up, the exact correct time needs to be used

(4) the workaround i use now, (i think it's reasonably ok, [electron microscopy file recovery is not in my threat model ;-)], but i invite comments/criticism/suggestions):
create a textfile by copying a selected part of the gnupg manpage, (present on the usb drive together with a gpg2go setup) and then typing in a diceware passphrase on a separate line, and using the resultant textfile as the keyfile, and wiping it after use

tia,

vedaal
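
The table asked for under option (2), computed as an added example that is not part of the original post. It assumes, as the post describes, that keyfile selection is unordered and without repetition from a folder of 7776 files; the function names are illustrative.

```python
from math import comb, log2

DICEWARE_WORDS = 7776  # size of the diceware list and of the keyfile folder in option (2)


def passphrase_space(words, pool=DICEWARE_WORDS):
    """Ordered selection with repetition: pool ** words."""
    return pool ** words


def keyfile_space(keyfiles, pool=DICEWARE_WORDS):
    """Unordered selection without repetition: C(pool, keyfiles)."""
    return comb(pool, keyfiles)


def keyfiles_needed(words, pool=DICEWARE_WORDS):
    """Smallest keyfile count whose selection space is at least
    that of a passphrase of `words` diceware words."""
    target = passphrase_space(words, pool)
    # C(pool, k) only grows with k up to pool // 2, so stop searching there.
    for k in range(words, pool // 2 + 1):
        if keyfile_space(k, pool) >= target:
            return k
    raise ValueError("no keyfile count in this pool reaches the target")


def table(word_counts=(6, 10, 20)):
    """Rows of (words, passphrase bits, keyfiles needed, keyfile-selection bits)."""
    rows = []
    for r in word_counts:
        k = keyfiles_needed(r)
        rows.append((r, log2(passphrase_space(r)), k, log2(keyfile_space(k))))
    return rows


if __name__ == "__main__":
    print("words   bits  keyfiles   bits")
    for r, pbits, k, kbits in table():
        print(f"{r:5d}  {pbits:5.1f}  {k:8d}  {kbits:5.1f}")
```

The gap grows with length because dividing by r! costs roughly log2(r!) bits, which each extra keyfile has to win back at a little under 13 bits apiece.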
