Re: Change key prefs; few questions

2011-07-04 Thread Werner Koch
On Mon,  4 Jul 2011 05:01, ds...@jabberwocky.com said:

> figures out how many iterations it can do in 1/10 of a second (which
> always results in a value higher than 65536 these days), and uses
> that.  I believe that the newer GPG (2.x) has some support for this
> design, but I don't recall offhand if it is using it fully yet.  We

We have had it working since 2.0.15 and gpg2 uses it.  It would be easy to
backport it to 1.4 and use it if use-agent is used (look for
agent_get_s2k_count).

We need to use a persistent process (like the agent) to do the
calibration so that it does not take too long.  You may use
  
  gpg-connect-agent 'getinfo s2k_count' /bye

to see the number of iterations.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Change key prefs; few questions

2011-07-03 Thread Chris Poole
Thanks for the detailed reply. 

Since --s2k-count will just affect the encryption of my private key, I'll go 
ahead and give myself a half second delay.

> sending passphrase-encrypted messages (which also have a s2k-count)

By this you mean symmetrically-encrypted messages, with the -c flag? So I can 
just use the --s2k-count flag again, to change this. Presumably it's pretty 
pointless to change the count for asymmetrically-encrypted messages, since the 
session key will be long enough to discourage any brute forcing anyway.

Cheers

Chris

On 4 Jul 2011, at 04:01, David Shaw wrote:

> On Jul 3, 2011, at 12:15 PM, Chris Poole wrote:
> 
>> On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
>>> There are some obscure edge cases where you must have a 3DES or AES encrypted
>>> private key, but for the overwhelming majority of people, no, there is no
>>> reason to do this.  The default (CAST5) is quite strong (which the original
>>> poster acknowledged).  It's just helpful to know what the "knobs" are to
>>> understand how something as complex as OpenPGP is put together.
>> 
>> Exactly, it's just good to know. I won't bother changing the cipher or count,
>> but this leaves me with one final question:
>> 
>> In a few years, assuming GPUs are faster than ever, Moore's law is still on
>> track, and all that; should I change the number of iterations with --s2k-count?
>> The default 65536 is probably fine for now, but it'll certainly end up being too
>> slow. gpg won't do this for me, or counteract this in another way?
> 
> GnuPG generally has its defaults updated every now and then.  While some of 
> the new possible defaults (DSA/Elgamal keys becoming RSA/RSA, new default key 
> sizes) do require the generation of a new key to use, others (default 
> preferences, secret key protection, and secret key iteration count) are 
> available to any key.  Since secret key cipher and iteration count are tied 
> to the encryption of the secret key (via the passphrase), if you just change 
> your passphrase with that new version of GnuPG, you'll automatically pick up 
> a new cipher and iteration count.
> 
> PGP has a clever trick to set an appropriate s2k-count without knowing 
> anything about the various processors it will be run on: it simply figures 
> out how many iterations it can do in 1/10 of a second (which always results 
> in a value higher than 65536 these days), and uses that.  I believe that the 
> newer GPG (2.x) has some support for this design, but I don't recall offhand 
> if it is using it fully yet.  We should probably raise the (static) GPG 1.x 
> count as well at some point.  It's been 65536 for a long time (over a decade).
> 
> It's not unreasonable to raise your s2k-count for your secret key.  If you 
> pick a value that is too high and you find it annoying, you can always set it 
> back down to something lower.  It doesn't cause any real harm if you go too 
> high - just wastes some of your time (which is sort of the point!)  That's 
> for secret keys, of course.  More complex is sending passphrase-encrypted 
> messages (which also have a s2k-count), where you don't know the CPU 
> capabilities of the recipient.  There was a case a year or two back where 
> receiving an OpenPGP message with a too-high s2k-count would cause a device 
> to hit its deadman timer since it spent so much time iterating passphrases.  
> Someone had created the message on a fast machine (and so didn't notice the 
> delay), and sent it to someone on a slow machine which was clobbered by it.
> 
> Of course, if you want extra security against brute forcing, even better than 
> bumping up your s2k-count would be to just add a character or three to your 
> passphrase.
> 
> David
> 
> 


Re: Change key prefs; few questions

2011-07-03 Thread David Shaw
On Jul 3, 2011, at 12:15 PM, Chris Poole wrote:

> On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
>> There are some obscure edge cases where you must have a 3DES or AES encrypted
>> private key, but for the overwhelming majority of people, no, there is no
>> reason to do this.  The default (CAST5) is quite strong (which the original
>> poster acknowledged).  It's just helpful to know what the "knobs" are to
>> understand how something as complex as OpenPGP is put together.
> 
> Exactly, it's just good to know. I won't bother changing the cipher or count,
> but this leaves me with one final question:
> 
> In a few years, assuming GPUs are faster than ever, Moore's law is still on
> track, and all that; should I change the number of iterations with --s2k-count?
> The default 65536 is probably fine for now, but it'll certainly end up being too
> slow. gpg won't do this for me, or counteract this in another way?

GnuPG generally has its defaults updated every now and then.  While some of the 
new possible defaults (DSA/Elgamal keys becoming RSA/RSA, new default key 
sizes) do require the generation of a new key to use, others (default 
preferences, secret key protection, and secret key iteration count) are 
available to any key.  Since secret key cipher and iteration count are tied to 
the encryption of the secret key (via the passphrase), if you just change your 
passphrase with that new version of GnuPG, you'll automatically pick up a new 
cipher and iteration count.

PGP has a clever trick to set an appropriate s2k-count without knowing anything 
about the various processors it will be run on: it simply figures out how many 
iterations it can do in 1/10 of a second (which always results in a value 
higher than 65536 these days), and uses that.  I believe that the newer GPG 
(2.x) has some support for this design, but I don't recall offhand if it is 
using it fully yet.  We should probably raise the (static) GPG 1.x count as 
well at some point.  It's been 65536 for a long time (over a decade).

It's not unreasonable to raise your s2k-count for your secret key.  If you pick 
a value that is too high and you find it annoying, you can always set it back 
down to something lower.  It doesn't cause any real harm if you go too high - 
just wastes some of your time (which is sort of the point!)  That's for secret 
keys, of course.  More complex is sending passphrase-encrypted messages (which 
also have a s2k-count), where you don't know the CPU capabilities of the 
recipient.  There was a case a year or two back where receiving an OpenPGP 
message with a too-high s2k-count would cause a device to hit its deadman timer 
since it spent so much time iterating passphrases.  Someone had created the 
message on a fast machine (and so didn't notice the delay), and sent it to 
someone on a slow machine which was clobbered by it.

Of course, if you want extra security against brute forcing, even better than 
bumping up your s2k-count would be to just add a character or three to your 
passphrase.

David




Re: Change key prefs; few questions

2011-07-03 Thread Chris Poole
On Sun, Jul 3, 2011 at 4:45 PM, David Shaw wrote:
> There are some obscure edge cases where you must have a 3DES or AES encrypted
> private key, but for the overwhelming majority of people, no, there is no
> reason to do this.  The default (CAST5) is quite strong (which the original
> poster acknowledged).  It's just helpful to know what the "knobs" are to
> understand how something as complex as OpenPGP is put together.

Exactly, it's just good to know. I won't bother changing the cipher or count,
but this leaves me with one final question:

In a few years, assuming GPUs are faster than ever, Moore's law is still on
track, and all that; should I change the number of iterations with --s2k-count?
The default 65536 is probably fine for now, but it'll certainly end up being too
slow. gpg won't do this for me, or counteract this in another way?


Thanks

Chris



Re: Change key prefs; few questions

2011-07-03 Thread David Shaw
On Jul 3, 2011, at 10:58 AM, MFPA wrote:

> On Sunday 3 July 2011 at 3:24:15 PM, in
> , David Shaw
> wrote:
> 
> 
> 
>> This will set your private key cipher to AES:
> 
>>   gpg --s2k-cipher-name aes --edit-key (thekey) passwd
>>   save
> 
> Is there a reason to do this?

There are some obscure edge cases where you must have a 3DES or AES encrypted 
private key, but for the overwhelming majority of people, no, there is no 
reason to do this.  The default (CAST5) is quite strong (which the original 
poster acknowledged).  It's just helpful to know what the "knobs" are to 
understand how something as complex as OpenPGP is put together.

David




Re: Change key prefs; few questions

2011-07-03 Thread MFPA

Hi


On Sunday 3 July 2011 at 3:24:15 PM, in
, David Shaw
wrote:



> This will set your private key cipher to AES:

>   gpg --s2k-cipher-name aes --edit-key (thekey) passwd
>   save

Is there a reason to do this?


-- 
Best regards

MFPA  mailto:expires2...@ymail.com

A candle loses nothing by lighting another candle


Re: Change key prefs; few questions

2011-07-03 Thread David Shaw
On Jul 3, 2011, at 4:37 AM, Chris Poole wrote:

> Thanks.
> 
> There's no way to change the cipher used for encrypting the private key 
> itself (CAST5 I believe)?

It is CAST5 by default, but you can change it.  To change the cipher, you need 
to set the passphrase since that's when the encryption for the secret key is 
set.  You can take the opportunity to change the passphrase, or just use the 
same one as before.

This will set your private key cipher to AES:

   gpg --s2k-cipher-name aes --edit-key (thekey) passwd
   save

> Also, if I understand correctly, someone trying to brute-force the key would 
> need to guess my passphrase, then pass it through the key stretching 
> algorithm that gpg uses, before trying to decrypt the key. How often does the 
> "work function" defining how long the key stretching process takes, get 
> updated? (I can't find an option to make it user configurable.)

It's configurable in the same way that changing the encryption is: you need to 
do it while changing the password.  Add "--s2k-count XXX" to the above command 
line and you can set how many iterations are done.  It can range from 1024 to 
65011712, and the default is 65536.  Note that not all possible values are 
legal, and if you pick an illegal value, GnuPG will round it up to the next 
higher legal value.

David
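
Added example, not part of the original posts and not GnuPG's code: the count is stored as one coded octet (RFC 4880, section 3.7.1.3), which is why only some values between 1024 and 65011712 are legal and a request is rounded up; the sketch also times one run to pick a count for about 1/10 of a second, the calibration idea described elsewhere in this thread. Function names, the SHA-1 choice and the single timing probe are assumptions of this sketch.

```python
import hashlib
import time

MIN_COUNT, MAX_COUNT = 1024, 65011712   # range quoted in the thread

def decode_count(c: int) -> int:
    """RFC 4880 3.7.1.3: expand the one-octet coded count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(requested: int) -> int:
    """Smallest coded octet whose count is >= requested (round up, clamp at max)."""
    for c in range(256):            # decode_count is increasing in c
        if decode_count(c) >= requested:
            return c
    return 255

def legal_count(requested: int) -> int:
    """The count that would actually be stored for a requested value."""
    return decode_count(encode_count(requested))

def s2k_iterated(passphrase: bytes, salt: bytes, count: int,
                 hash_name: str = "sha1") -> bytes:
    """Iterated and salted S2K (type 3): hash `count` octets of the repeated
    salt||passphrase, always at least one full copy."""
    data = salt + passphrase
    reps, rest = divmod(max(count, len(data)), len(data))
    h = hashlib.new(hash_name)
    h.update(data * reps)
    h.update(data[:rest])
    return h.digest()

def calibrate(target_seconds: float = 0.1, probe: int = 1 << 22) -> int:
    """Time one probe run, scale to the target, return a legal count."""
    start = time.perf_counter()
    s2k_iterated(b"constructed passphrase", b"\x00" * 8, probe)  # constructed input
    elapsed = max(time.perf_counter() - start, 1e-9)
    return legal_count(int(probe * target_seconds / elapsed))

if __name__ == "__main__":
    for wanted in (1, 65536, 65537, 100000, 10**9):
        print(wanted, "->", legal_count(wanted))
    print("count for ~0.1 s on this machine:", calibrate())
```

In RFC 4880 the count is the number of octets fed to the hash, not the number of hash invocations.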




Re: Change key prefs; few questions

2011-07-03 Thread Chris Poole
Thanks.

There's no way to change the cipher used for encrypting the private key itself 
(CAST5 I believe)?

(Not that I would, as I'm sure the default is more than good enough for my 
needs.)

Also, if I understand correctly, someone trying to brute-force the key would 
need to guess my passphrase, then pass it through the key stretching algorithm 
that gpg uses, before trying to decrypt the key. How often does the "work 
function" defining how long the key stretching process takes, get updated? (I 
can't find an option to make it user configurable.)


Thanks

Chris

On 3 Jul 2011, at 01:38, David Shaw wrote:

> On Jul 2, 2011, at 3:37 PM, Chris Poole wrote:
> 
>> Hi,
>> I changed the order of preferred ciphers and hash functions using setpref. 
>> My public key has changed, but not the fingerprint. 
> 
> That is correct.  Changing the various preferences does not change the 
> fingerprint.  The fingerprint remains constant no matter what you do to the 
> key (changed/new preferences, new subkeys, new user IDs, etc).
> 
>> Is the done thing now to ask anyone with the key to pull the latest version? 
>> (I've already updated the keyserver version.)
> 
> You can ask them to update, if you like.  It's up to you if the change you 
> made to the preferred list is important enough.  Some people refresh their 
> keys periodically anyway.
> 
> David
> 



Re: Change key prefs; few questions

2011-07-02 Thread David Shaw
On Jul 2, 2011, at 3:37 PM, Chris Poole wrote:

> Hi,
> I changed the order of preferred ciphers and hash functions using setpref. My 
> public key has changed, but not the fingerprint. 

That is correct.  Changing the various preferences does not change the 
fingerprint.  The fingerprint remains constant no matter what you do to the key 
(changed/new preferences, new subkeys, new user IDs, etc).

> Is the done thing now to ask anyone with the key to pull the latest version? 
> (I've already updated the keyserver version.)

You can ask them to update, if you like.  It's up to you if the change you made 
to the preferred list is important enough.  Some people refresh their keys 
periodically anyway.

David




Change key prefs; few questions

2011-07-02 Thread Chris Poole
Hi,
I changed the order of preferred ciphers and hash functions using setpref. My 
public key has changed, but not the fingerprint. 

Is the done thing now to ask anyone with the key to pull the latest version? 
(I've already updated the keyserver version.)

Thanks