Fwd: The GnuPR FAQ
Robert J. Hansen rjh at sixdemonbag.org wrote on Tue May 12 16:41:09 CEST 2020: >You can get by just fine in most everyday English with a vocabulary of >5,000 words. Stick to those words and you'll have an easy-to-remember >passphrase. = That's absolutely correct, Horse! Battery Staple https://xkcd.com/936/ 8^) vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Question / sync keyrings between devices
Question, Is there anything out there, think bittorrent-sync, that allows for syncing your full keyring between devices? Would it be enough to simply use bittorrent-sync to sync your .gnupg folder? I get the —export / —import but what about automating it a lil’ bit? Something peer to peer preferably. Sent from my iPhone ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Comparison of RSA vs elliptical keys
> However, I would be interested to know which ECC cipher would you > recommend to replace RSA. "Yes". :) Back when we got these questions -- Elgamal? RSA? DSA? Help? -- we used to tell people what mattered far, far more than which algorithm they used was how much care they gave to their system. Keep your system malware-free. Don't sign things willy-nilly without reading them first. Be careful who you share your system with. Etcetera. I have never ever heard of a cryptographic break against OpenPGP. I've seen people be careless many times. I'm far more worried about that than I am which algorithm you use. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Comparison of RSA vs elliptical keys
On 12-05-2020 17:04, Sylvain Besençon via Gnupg-users wrote: >> Probably not. The future is elliptical-curve cryptography, which will >> bring a level of safety comparable to RSA-16384. Yes, if attacked by classical computers. > However, I would be interested to know which ECC cipher would you > recommend to replace RSA. None at all. I'd say probably one of these: https://en.wikipedia.org/wiki/Post-quantum_cryptography but I am no expert. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Comparison of RSA vs elliptical keys
W dniu 12.05.2020 o 17:04, Sylvain Besençon via Gnupg-users pisze: > In the FAQ, it is written: >> Will GnuPG ever support RSA-3072 or RSA-4096 by default? >> Probably not. The future is elliptical-curve cryptography, which will bring >> a level of safety comparable to RSA-16384. Every minute we spend arguing >> about whether we should change the defaults to RSA-3072 or more is one >> minute the shift to ECC is delayed. Frankly, we think ECC is a really good >> idea and we’d like to see it deployed as soon as humanly possible. > (https://www.gnupg.org/faq/gnupg-faq.html#default_rsa2048) > > So, I guess the key size is not the only criteria to evaluate the strength of > a cipher and ECC still provides better results despite shorter keys. > > However, I would be interested to know which ECC cipher would you recommend > to replace RSA. I am not a cryptographer and I don't find any information (or > more honestly: information that I can understand) about Curve 25519, NIST > P-256 (and greater), Brainpool, or secp256k1. Disclaimer: I am not a cryptographer either, let's just say I am an advisor. So, anybody, please correct me, if needed. 1. In terms of key size Curve 25519 and P-256 should have same strength: ~128 bits (== comparing with good symmetric cipher, like AES). Generally decent ECC strength = ~0.5 * key_length_in_bits. 2. Curve 25519 is very easy to implement in such a way that the implementation is fast. Implementations of other curves are usually slower. 3. Curve 25519 is generally easier to implement and easier to implement in such a way that avoids many common security pitfalls, like vulnerability to timing attacks. 4. The design of Curve 25519 is public, (is believed to be) software patent free and all constants in it are derived in an easily explainable ways. There are no "magic numbers" out of nowhere that may be just random or maybe were chosen by designers to make some kind of backdoor - but you can never prove that they are innocent since obviously you can't prove that random number was indeed chosen truly randomly. 5. Curve 25519 was designed by DJB, an (mostly) independent security expert while others were designed/standardized by big organizations that (given indirect evidence and rumors) may not be that trustworthy. 6. This is why many new (and not only, see SSH) protocols tend to choose Curve 25519. But in PGP you should be careful because many implementations (and/or older versions) don't support it. So if you want portability/interoperability you may want some other curve or RSA, especially for the main and signing key. 7. If you want something stronger than Curve 25519 that (is believed to) share similar benefits try Curve 448 (~224 bits of security). But I am not sure if PGP implements it (yet?). -- Grzegorz Kulewski ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Comparison of RSA vs elliptical keys
On Tue, May 12, 2020 at 11:24:57AM +0200, Johan Wevers wrote: > > For example, a 256 bit elliptic curve key has a similar strength to > > a symmetric key of 128 bits. > > Until, of course, a working quantum computer with more than a few qubits > is constructed. Don't worry, there's literally trillions of dollars worth of bitcoins riding on the premise that this will never happen. ;) -K ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Comparison of RSA vs elliptical keys
Sylvain Besençon via Gnupg-users wrote: > Le 12.05.20 à 11:24, Johan Wevers a écrit : > > On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote: > > > >> For example, a 256 bit elliptic curve key has a similar strength > >> to a symmetric key of 128 bits. > > > > Until, of course, a working quantum computer with more than a few > > qubits is constructed. Then ECC is much more vulnerable than RSA or > > ElGamal due to its smaler keysize (of course once a 256 bit quantum > > computer gets constructed I would also worry about 8192 bit RSA > > being vulnerable too in the very near future). > > > > Hi, > > In the FAQ, it is written: > > Will GnuPG ever support RSA-3072 or RSA-4096 by default? > > Probably not. The future is elliptical-curve cryptography, which > > will bring a level of safety comparable to RSA-16384. Every minute > > we spend arguing about whether we should change the defaults to > > RSA-3072 or more is one minute the shift to ECC is delayed. > > Frankly, we think ECC is a really good idea and we’d like to see it > > deployed as soon as humanly possible. > (https://www.gnupg.org/faq/gnupg-faq.html#default_rsa2048) > > So, I guess the key size is not the only criteria to evaluate the > strength of a cipher and ECC still provides better results despite > shorter keys. > > However, I would be interested to know which ECC cipher would you > recommend to replace RSA. I am not a cryptographer and I don't find > any information (or more honestly: information that I can understand) > about Curve 25519, NIST P-256 (and greater), Brainpool, or secp256k1. I am no cryptographer either, but what I have observed is that most apps nowadays use djb's Curve 25519. secp256k1 could be interesting if you have a Bitcoin Wallet or use Bitmessage and want to use those GnuPG subkeys also for Bitcoin transactions[1], or for Bitmessage. [1] I once send Niibe-san (GnuPG dev.) some Satoshi to his Bitcoin address, which he has as GnuPG sec256k1 subkey. Regards Stefan -- Signal (Desktop) +4915172173279 https://keybase.io/stefan_claas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Comparison of RSA vs elliptical keys
Le 12.05.20 à 11:24, Johan Wevers a écrit : On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote: For example, a 256 bit elliptic curve key has a similar strength to a symmetric key of 128 bits. Until, of course, a working quantum computer with more than a few qubits is constructed. Then ECC is much more vulnerable than RSA or ElGamal due to its smaler keysize (of course once a 256 bit quantum computer gets constructed I would also worry about 8192 bit RSA being vulnerable too in the very near future). Hi, In the FAQ, it is written: Will GnuPG ever support RSA-3072 or RSA-4096 by default? Probably not. The future is elliptical-curve cryptography, which will bring a level of safety comparable to RSA-16384. Every minute we spend arguing about whether we should change the defaults to RSA-3072 or more is one minute the shift to ECC is delayed. Frankly, we think ECC is a really good idea and we’d like to see it deployed as soon as humanly possible. (https://www.gnupg.org/faq/gnupg-faq.html#default_rsa2048) So, I guess the key size is not the only criteria to evaluate the strength of a cipher and ECC still provides better results despite shorter keys. However, I would be interested to know which ECC cipher would you recommend to replace RSA. I am not a cryptographer and I don't find any information (or more honestly: information that I can understand) about Curve 25519, NIST P-256 (and greater), Brainpool, or secp256k1. Thanks for the feedback, Best, Sylvain ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Checking multiple smart cards before asking for one
On Dienstag, 12. Mai 2020 10:56:19 CEST Valentin Ochs wrote: > Hi there, > > I have two smart cards, a regular card that I plug into the builtin reader > of my laptop and a yubikey, that have two different keys on them. I store > some passwords in a file that is encrypted with both keys. > > When I try to access the passwords, pinentry will always ask me to insert > the yubikey first, even if the other card is already inserted. > > Is there a way to define the order this is checked per machine (the laptop > will usually use the card reader, other machines the yubikey), or to force > gpg to check for all cards before asking me to provide one? I'm up for > trying to patch this myself, if somebody will point me in a rough direction Maybe you should optimize for what appears to be your usual scenario (laptop + card reader versus other machines + yubikey) and simply remove the yubikey key from the laptop and the card reader key from the other machines. If gpg only knows about one of the two keys, then it shouldn't ask for the wrong key. If you ever want to use the yubikey on the laptop, then you can simply (re-)import the yubikey key on the laptop. The downside is that this will make synchronization of ~/.gnupg between your laptop and the other machines more difficult. But then you really only need a single key per machine for decrypting your passwords, i.e. you could use dedicated GNUPG_HOMEs just for the encryption keys. Regards, Ingo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: The GnuPR FAQ
> Even using only English words greater than 5 letters and unrelated to > each other, an extremely low-bound estimate, would be 77760 words. > (in reality, far greater, but let's use an example people would agree > on). This is probably not the best metric. The length of the word is irrelevant: if one of your words is "zoo", that's no easier or harder to guess than "prolix" or "antediluvian". The words are all equally random. Much more important than length is memorability. "Coulrophobia" is a great word but I'd be looking up how to spell it all the time. You can get by just fine in most everyday English with a vocabulary of 5,000 words. Stick to those words and you'll have an easy-to-remember passphrase. Or, you know, learn coulrophobia, enhance your vocabulary, and get down with your clown-fearing self. It's up to you. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Checking multiple smart cards before asking for one
Wiktor Kwapisiewicz [2020-05-12 14:08] wrote: > Hi Valentin, > > I believe this will work seamlessly in GnuPG 2.3. > > You can track this ticket: https://dev.gnupg.org/T4695 Hi Wiktor, thanks for the reply. That issue is indeed what initially prompted me to make a second key for the second card, but seems a bit different from my current use case - I have two completely different keys, but two card readers. Do you think that with that ticket resolved it will allow me to have either key available? Cheers, Valentin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Checking multiple smart cards before asking for one
Hi Valentin, I believe this will work seamlessly in GnuPG 2.3. You can track this ticket: https://dev.gnupg.org/T4695 Kind regards, Wiktor -- https://metacode.biz/@wiktor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Comparison of RSA vs elliptical keys
On 12-05-2020 3:46, Pete Stephenson via Gnupg-users wrote: > For example, a 256 bit elliptic curve key has a similar strength to a > symmetric key of 128 bits. Until, of course, a working quantum computer with more than a few qubits is constructed. Then ECC is much more vulnerable than RSA or ElGamal due to its smaler keysize (of course once a 256 bit quantum computer gets constructed I would also worry about 8192 bit RSA being vulnerable too in the very near future). -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: The GnuPR FAQ
On 5/11/20 10:11 PM, Robert J. Hansen - r...@sixdemonbag.org wrote: This arrived in my inbox: I'm presenting it here without comment. You've advised people to use a HORRIBLE practice of using dictionary words solely for their password. I tested this theory myself back in the day, so I can 100% guaranty you of this fact: A brute force dictionary based attack can crack a password like that in LESS THAN 5 minutes!! I once stretched that out to 20 minutes by cleverly picking words that I already knew were at the opposite ends of the dictionary. In order to discuss the feasibility of brute forcing a set of a few random dictionary words, we would have to agree on a few numbers: 1) how many words in the passphrase 2) how many words in a dictionary 3) how many dictionaries 4) how many slightly different forms can average word of the dictionary take due to the declension, conjugation and noun/adjective gender matching. This happens to be an English-only language mailing list, but very few users of this program speak (only) English. It always surprises me how contributors native-language-centric some Internet discussions on a technical subject that transgresses language borders are. Overall, the original suggestion in the FAQ is perfectly valid, and all I would add is point out the benefit of (3) and (4) above. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Checking multiple smart cards before asking for one
Hi there, I have two smart cards, a regular card that I plug into the builtin reader of my laptop and a yubikey, that have two different keys on them. I store some passwords in a file that is encrypted with both keys. When I try to access the passwords, pinentry will always ask me to insert the yubikey first, even if the other card is already inserted. Is there a way to define the order this is checked per machine (the laptop will usually use the card reader, other machines the yubikey), or to force gpg to check for all cards before asking me to provide one? I'm up for trying to patch this myself, if somebody will point me in a rough direction :) Cheers, Valentin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users