Re: private key protection
On Mon, June 25, 2012 5:00 pm, Robert J. Hansen wrote:
> On 06/25/2012 11:44 AM, Werner Koch wrote:
>>> cracking the symmetric encryption used to protect the private key is
>>> comparable to the problem of cracking an encrypted message's session
>>> key.
>>
>> No, it is not. The entropy in a session key matches the size of the
>> session key. The key used to protect the private key is commonly much
>> weaker. A passphrase providing an adequate amount of entropy is not
>> useful because a user won't be able to remember it correctly.
>
> Speaking purely for myself, my passphrase is 16 bytes from /dev/urandom
> dropped into base64. It took me a weekend to memorize it, but the peace
> of mind has been well worth it.
>
> It is possible, though, that I'm demented. :)

Reading this, it occurs to me that keyboards are cheap, so it would be reasonable to swap all the keys about on a keyboard and then use some easily memorable combination of real words to save on so much memorizing.

mick

--
keyID: 0x4BFEBB31
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: private key protection
On 06/25/2012 11:44 AM, Werner Koch wrote:
>> cracking the symmetric encryption used to protect the private key is
>> comparable to the problem of cracking an encrypted message's session
>> key.
>
> No, it is not. The entropy in a session key matches the size of the
> session key. The key used to protect the private key is commonly much
> weaker. A passphrase providing an adequate amount of entropy is not
> useful because a user won't be able to remember it correctly.

Speaking purely for myself, my passphrase is 16 bytes from /dev/urandom dropped into base64. It took me a weekend to memorize it, but the peace of mind has been well worth it.

It is possible, though, that I'm demented. :)
Re: private key protection
On 06/25/2012 11:08 AM, Kevin Kammer wrote:
> Eventually being... the age of the Earth?

(I do not disagree with Kevin: this is an emphatic agreement.)

There is a minimum energy associated with flipping a bit -- something so small that a single proton has the energy to flip about a trillion bits. Let's say you have a remarkably efficient OS that can test a given key while only flipping 10,000 bits. Multiply that times the number of attempts you'd have to make to brute-force a 128-bit key and you get a really big number, so big that it no longer makes sense to describe it in terms of nuclear warheads. The best, most visceral way of saying it is, "You must have 340 kilos of antimatter to run your computer."

If you happen to have 340 kilos of antimatter lying around, then yes, brute-forcing is certainly possible.

I deeply hope you don't. I like Earth: all my stuff is here.
Re: private key protection
On Mon, 25 Jun 2012 17:08, lists.gn...@mephisto.fastmail.net said:
> cracking the symmetric encryption used to protect the private key is
> comparable to the problem of cracking an encrypted message's session
> key.

No, it is not. The entropy in a session key matches the size of the session key. The key used to protect the private key is commonly much weaker. A passphrase providing an adequate amount of entropy is not useful because a user won't be able to remember it correctly.

Further, a brute force attempt on the protected private keys needs to be done only once, whereas it has to be done for each encrypted message, if you want to target the session key.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: private key protection
On Tue, Oct 18, 2011 at 09:15:14AM -0400 Thus spoke Mark H. Wood:
> On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote:
> > >> I'm going to lean very far out the window and assume he meant the actual
> > >> private key, not the private key-ring/-file/...
> > >
> > > I'm not sure I understand the distinction you're making there.
> >
> > One is protected with a passphrase (i.e. it's encrypted), the other is
> > in the clear.
> >
> > If I manage to steal your private keyring, then yes the very strong
> > passphrase should grind my attempts to steal your key to a halt.
>
> Well, not quite. Eventually you would get it.

Eventually being... the age of the Earth?

Provided one's private key is protected by a suitably "good" passphrase, then the problem of cracking the symmetric encryption used to protect the private key is comparable to the problem of cracking an encrypted message's session key. That is to say, if an attacker has the resources to break the encryption used to protect a private key, in a practical span of time, that implies that they can apply the same techniques to reading your encrypted messages without the private key, which makes stealing it less than essential.
Re: private key protection
On 10/19/2011 4:54 PM, Peter Lebbing wrote:
> Because in the latter case, I hardly think commonality matters.

As an example:

Three years ago I was thrown into a week-long sink-or-swim course on malware analysis, taught by an instructor who was a principal scientist at a company that's a big name in that field. (Due to the subject matter of this story, I am not allowed to give names: they don't want to be publicly associated with this story. You'd recognize the company name if you heard it, though.)

The first thing we did was crack our cases to verify that our machines had no network cards. While we were doing this, the instructor entertained us with a funny story about why we were doing this.

A couple of years before that course, a new piece of malware was reported to the company. In turn it was sent to the malware analysis lab, where the instructor was the guy tasked with looking at it. He was running a Windows VM within a Linux environment on a computer that was physically disconnected from the internet and had the wifi card turned off. He fired up IDA Pro (a popular debugger) and began studying this boring, broken piece of malware.

Within a couple of minutes the sysadmins noticed something wrong and killed all network access in the building. All signs pointed to the instructor's machine being the source of the problem.

The malware was the work of an evil genius. As input to a PC, it was a bunch of nonsense that crashed hard before it could do anything. As input to IDA Pro, it was a carefully crafted input that hijacked IDA Pro. It then discovered it was running inside a virtual machine, used an exploit to get out into the Linux environment, brought up the wifi connection and associated with the first network it could.

Wacky hijinks ensued.

You can find some more on this subject in "The IDA Pro Book," by Chris Eagle. NIST also has a brief writeup on it:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0115
Re: private key protection
On 19-10-2011 17:54, Peter Lebbing wrote:
> On 19/10/11 22:43, Faramir wrote:
>> Ok, but if the online computer uses Windows, and the offline one
>> uses Linux, then it would be a multiplatform trojan horse...
>> that is not likely to be a common case.
>
> Define your threat model... are we talking random trojan infection
> or a focused attacker trying to gain your key? Because in the
> latter case, I hardly think commonality matters.

You are right, I was thinking about random trojan infection (maybe not 100% random, since a private key stealing trojan would be focused on OpenPGP users, rather than on average users). But if somebody wants MY private key, then probably there would be an attack involving picking my lock, infecting my BIOS, or some other 007-like activity. But in that case, the victim might be involved in some organization that should develop policies to deal with that risk.

Best Regards
Re: private key protection
On 10/19/2011 4:43 PM, Faramir wrote:
> Ok, but if the online computer uses Windows, and the offline one
> uses Linux, then it would be a multiplatform trojan horse... that is
> not likely to be a common case.

At this point we're throwing conjecture onto conjecture. If the offline one happened to be a PowerPC architecture running Yellow Dog Linux, then the first bit of malware would have to target Windows/x86, the second would have to target Linux/PPC, and that's even *more* unlikely to be a common case, and oh, don't forget if we're actually... etc., etc.
Re: private key protection
On 19/10/11 22:43, Faramir wrote:
> Ok, but if the online computer uses Windows, and the offline one
> uses Linux, then it would be a multiplatform trojan horse... that is
> not likely to be a common case.

Define your threat model... are we talking random trojan infection or a focused attacker trying to gain your key? Because in the latter case, I hardly think commonality matters.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: private key protection
On 18-10-2011 10:07, Peter Lebbing wrote:
...
> A capable enough hacker might infect the USB pendrive while it is
> in your internet-connected PC and that way still gain access to the
> non-connected system.

Ok, but if the online computer uses Windows, and the offline one uses Linux, then it would be a multiplatform trojan horse... that is not likely to be a common case.

Best Regards
Re: private key protection
On 10/17/11 5:18 PM, takethe...@gmx.de wrote:
> Hi everybody,
>
> what is the best way to protect
> your private key from getting stolen?

Page 29 (http://www.gnupg.org/gph/en/manual.html#AEN513) of the Gnu Privacy Handbook (http://www.gnupg.org/gph/en/manual.html) recommends a strong passphrase to protect the key. Another strategy is to create sub-keys derived from the private key and use those sub-keys for signing and encrypting anything. This would also mean that you export the public key of whichever sub-key you decide to use -- not your private key. As the use of the public sub-key cannot be used to derive the private key, utilizing the sub-key strategy may be the most sensible strategy.

>
> I think:
>
> 1. Using gnupg on a windows PC with internet connection is not good, because
> there are too many trojans out there.

In all fairness, the PC is as weak or strong as its user. In other words, if you are not willing to do the "nitty-gritty" and sometimes research as relentless in nature as Indiana Jones - regarding how you defend your operating system then believe it or not choosing Linux or the Mac won't save you from your laziness. Sorry, but that's the truth. You have to have your own drive to master whatever technology (mathematics, coding language, nuance and more) necessary to defend yourself, your family and your property. If you don't or won't make the effort -- understand that this is exactly what those who create malware rely upon. The other crowd who rely on your "lack of will" are the commercial entities who benefit from those who just want "someone else" to handle the details and who are willing to pay for whatever appears "on the shelf".

>
> 2. Using gnupg on a linux PC with internet connection (like privatix, see
> http://www.mandalka.name/privatix/index.html.en ) is better since there are
> fewer(?) security holes and trojans out there. How big do you think is the
> threat?
>

IF you decide you are serious regarding Linux then Debian or Red Hat remain the two you should rely upon. Everyone else, follows them. Of course, if you are really brave and really know what you are doing then Slackware is reliable. Again don't rely on anyone, especially in Linux, to provide you with a satisfactory and reliable defense if you have no clue as to how it works, or how you can repair it should something go wrong or how to improve its reliability as hacking and threat environments increase.

> 3. The best way is to have one PC connected to the internet and another,
> without an internet connection (missing network drivers and a fully encrypted
> hard disk for instance), which you use to decrypt and encrypt messages. You
> use a USB stick to carry messages from the internet PC to the one not
> connected to the net. If you don't have two PCs, you can use another USB
> stick with privatix without network drivers on it.
>
> Which software can I use under point 3 to put my messages in order (date,
> sender, etc.) on a linux system?
>
> Most people use something like point 2, don't they?
>
> Point 3 is the only satisfying to me, since I find it hard to judge the
> threat in point 2. Additionally point 3 makes it easier to see when your key
> might have been stolen: If you see traces that someone broke into your house
> and searched everything for the hidden privatix USB stick. Only experts might
> notice a trojan under point 2.
>
> Thanks for answers,
> Jan
>

I think I recall seeing that question (3) on a Computer Science exam. The truth, unfortunately, is that there is no "best way". Unfortunately, there is another level of system attack which was used successfully against HBGary and should be a tale elevated to the level of Grimm's Fairy Tales until it seeps into the unconscious and conscious level of each person's awareness. Read this article and I'm sure you'll get my point: http://www.theregister.co.uk/2011/03/17/hbgary_anon_hacker_interview/

HBGary believed its own hype regarding their sophistication and skills; simply stated as a corporation they failed the same way or close enough as the individual who believes s/he is a "legend - in their own mind". The trap very similar to that limited thought is to believe that your system is safe because it is isolated; in fact the weakness of your system (regardless what you buy) is really -- you! This side of the problem can be intuited by understanding how many people fall for the Nigerian or Russian or other scam ploy every day. In other words, be aware of your own susceptibility to being tricked, taken, and misled such as when we are distracted. It is one thing to be enjoyably tricked at a magic show, quite another emotion is experienced when your data is stolen and you have no clue how or why until you realize that it was your fault for trusting so and so.

I have no intention of being overly discouraging as much as underlying the fundamentals regarding why computer security, encryption methods, etc. are const
Re: private key protection
> I was pleased to see room for different classes of users in the STEED
> paper. When I encounter software that tries to be helpful, my own
> first thought is: how do I turn that off? But I recognized long ago
> that I was never a "typical" user and my own inclinations are no guide
> to popularity. :-/

That's a big UI bug with Thunderbird IMO: The automated account setup is really nice, until you run into a case where it doesn't work. There's no "expert" button to force a setup. The workaround is to go offline and then setup the account...

So yes definitely expert buttons, I was talking about those users that aren't yet experienced with crypto. I like your idea of giving guidance on where-about they are still getting good returns on their learning efforts.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On Tue, 18 Oct 2011 15:19, r...@sixdemonbag.org said:
> Arguably we should be using 'certificate' to describe keys, but

We tried that in the Gpg4win manuals. However it turned out that this term has other problems when used with OpenPGP keys (ah well, keyblocks).

> honestly, that's a losing battle: the community's inertia on the subject
> of 'key' is immense.

Right. There is a public key and there is a private (aka secret) key. How they are made up is a technical detail.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: private key protection
On Tue, Oct 18, 2011 at 04:23:42PM +0200, Jerome Baum wrote:
[snip]
> While we're discussing the STEED proposal in the other thread, do you
> think it's better to educate your users and risk losing them or do you
> think it's better to provide "sensible" defaults for the "average"
> threat model and assume they'll learn everything else over time and
> start tweaking?

I think we would be in error to think about "users" as a single class. I usually try to educate lightly -- to make all users aware that there is much more to learn, and to indicate how more learning might be to their advantage. Then provide sensible defaults, so that those who choose to go no deeper will get some benefit, and in-depth documentation for those who do choose to go deeper so that they can reap the full benefit (or, at least, as much as each is willing to work for).

I was pleased to see room for different classes of users in the STEED paper. When I encounter software that tries to be helpful, my own first thought is: how do I turn that off? But I recognized long ago that I was never a "typical" user and my own inclinations are no guide to popularity. :-/

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: private key protection
On Tue, 18 Oct 2011 15:05, r...@sixdemonbag.org said:
> No, it's still a single file ("pubring.gpg", for instance, is the public
> keyring). I just can't promise that it's still a raw stream of RFC4880
> octets.

It still is for the public keys. 2.1 changes the format of the secring (well, dropped it entirely and stores only the needed bits elsewhere).

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: private key protection
On 10/18/2011 8:53 AM, takethe...@gmx.de wrote:
> I read a smartcard is simply a chip card. Why is it safe, what's a
> PIN?

PIN: Personal Identification Number.

The idea is the secret key material is stored on the card, not on the PC. The secret key material is located in write-only memory: from the PC side, there is no way to read off the secret key material. When you want to sign a document the PC computes a hash of the data, then sends the hash to the card. The card tells the PC, "ask the user for their PIN number to unlock my secret key." The PC gets the user's PIN and sends it to the card. If the PIN entered is correct, the card signs the hash and returns back a signature.

Let's say your PC gets Trojaned. An attacker can replace the GnuPG binary with a Trojaned version that will capture the PIN, sure, but there is literally no way for the Trojaned GnuPG binary to capture the secret key material off the card.

I'm not saying it's safe. Safety is, at best, a relative term. However, this is generally accepted to be as safe an option as any, and safer than most.

> How is access restricted to the key by the smartcard?

The card disallows any external read access to the secret key material.

> Since the PC is "isolated" from the net, I don't need to be afraid
> of software keyloggers, trojans etc.

Check your assumptions, friend. ;)

> 3. The best way is to have one PC connected to the internet and
> another, without an internet connection (missing network drivers and
> a fully encrypted hard disk for instance), which you use to decrypt
> and encrypt messages. You use a USB stick to carry messages from the
> internet PC to the one not connected to the net.

USB sticks make great malware vectors. Just ask any Iranian nuclear scientist. :)
Re: private key protection
> Right, that's a good point I think we all considered "trivial" when
> maybe we shouldn't have. In your threat model you should determine for
> how long your data should be safe (per attacker type) before you go
> ahead and make decisions about key protection.

To clarify, this is what we should tell the OT instead of telling him stuff like "smart cards are 'better'".

Kumtraya!

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
> Well, not quite. Eventually you would get it. The task of security
> systems is to make "eventually" be longer than:
>
> o the payoff is worth; or
> o the time it takes to be discovered; or
> o the time it takes for the secured object to lose its value.
>
> Statistically, that is. You could get it right on the first try, but
> you very probably won't. You are guaranteed to get it right if you
> try every possible value.

Right, that's a good point I think we all considered "trivial" when maybe we shouldn't have. In your threat model you should determine for how long your data should be safe (per attacker type) before you go ahead and make decisions about key protection.

While we're discussing the STEED proposal in the other thread, do you think it's better to educate your users and risk losing them or do you think it's better to provide "sensible" defaults for the "average" threat model and assume they'll learn everything else over time and start tweaking?

I suppose the latter model fits the "power user" case well, where they start using the tool and eventually learn about other features and start tweaking.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
> (a) is true, but it doesn't lead anywhere useful. That makes it
> trivial.

Seems like you keep asserting Jerome posed (a) as something insightful. I don't remember someone other than you posing (a) at all.

I really see no point in keeping on telling people they said something different than what they meant to say. Isn't it way more productive to determine what they meant, rather than what /you/ (or anyone) read in it? Are we here to catch each other on potentially saying something, for instance, trivial, and going "aha! Got ya!"? Or are we here to discuss crypto and stuff having to do with crypto?

Meanwhile, you are right about the heat versus light ratio, so I will stop this side discussion as well, hopefully even if it annoys me some more :).

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: private key protection
On 2011-10-18 16:06, takethe...@gmx.de wrote:
> Thanks to everyone for the helpful answers. Maybe I'll buy a
> smartcard, it seems more convenient than rebooting for every email.

What country are you in? For Germany, kernelconcepts sells the OpenPGP card v2 and cryptoshop sells a very basic USB card reader (no PIN entry) for a total below 50 €. (IIRC cryptoshop is based in Austria, but they ship to Germany.)

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On Tue, Oct 18, 2011 at 02:10:07PM +0200, Jerome Baum wrote:
> >> I'm going to lean very far out the window and assume he meant the actual
> >> private key, not the private key-ring/-file/...
> >
> > I'm not sure I understand the distinction you're making there.
>
> One is protected with a passphrase (i.e. it's encrypted), the other is
> in the clear.
>
> If I manage to steal your private keyring, then yes the very strong
> passphrase should grind my attempts to steal your key to a halt.

Well, not quite. Eventually you would get it. The task of security systems is to make "eventually" be longer than:

o the payoff is worth; or
o the time it takes to be discovered; or
o the time it takes for the secured object to lose its value.

Statistically, that is. You could get it right on the first try, but you very probably won't. You are guaranteed to get it right if you try every possible value.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: private key protection
Thanks to everyone for the helpful answers. Maybe I'll buy a smartcard, it seems more convenient than rebooting for every email.
Re: private key protection
I'm going to keep this as short as possible, because we've already hit the point at which we're casting far more heat than light.

> Oddly, I don't recall Jerome ever making a statement remotely like
> "If I steal your decrypted key, ...". I only remember him stating
> that he thought, as did I, that the OP meant that he wanted ways to
> prevent people stealing his secret key material when he said: "what
> is the best way to protect your private key from getting stolen?".
> Anthony interpreted it as somebody stealing the keyring, and Jerome
> disagreed on that interpretation. As do I.

GnuPG depends on you having physical control of the hardware for the duration of your use of the system. If this fails, then there's nothing GnuPG -- or anything, for that matter! -- can do to keep your secret key material safe.

If I put my secret key on a system that is later compromised, I can still be confident in the security of my secret key. If I log into that machine and use my secret key even once, though, that key needs to be considered compromised because I've failed to uphold the absolute prerequisite for GnuPG usage: control of the hardware during my interaction with it.

Secret key material can only be compromised in two situations: either (a) someone you don't trust has root on your system while you're using GnuPG, in which case it's a game-over and the only defense is "well, don't do that, then!", or (b) someone compromises your PC while you're not using GnuPG and steals your private key.

(a) is true, but it doesn't lead anywhere useful. That makes it trivial. Why are we even discussing a triviality?
Re: private key protection
> It doesn't prevent a trojan from signing something other than what you
> intended (if it's your master key on card, even another key or a new
> sub-key) but whether this is a problem depends on your threat model.

I should mention that the current OpenPGP card spec doesn't let the card know whether it's signing a key or signing data. So there's no way to prevent this attack other than not keeping your master-key on card.

I prefer keeping the master-key encrypted thrice and printed out in a vault, surrounded 25x8 by guards authorized to use lethal force.

But seriously, I keep the master-key encrypted/printed and store it in my safe deposit box. The sub-key goes on the card. Trojan issue is a much smaller issue then, as the card includes a signature counter.

I also keep a backup of the encryption key in case the card breaks. That's probably a good idea.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On 18/10/11 15:23, Jerome Baum wrote:
> It doesn't prevent a trojan from signing something other than what you
> intended (if it's your master key on card, even another key or a new
> sub-key) but whether this is a problem depends on your threat model.

The signature problem can still be solved by manual labour: you made *one* signature. If you have a signature on your file that checks out, that's apparently the one signature you made. This is thanks to the "Signature PIN: forced" setting of OpenPGP smartcards.

However, there's another scenario involving encrypted files. Once you've entered your PIN, your smartcard will decrypt files and stuff without asking for the PIN again. So if you enter the PIN on your secure smartcard reader, and someone has trojaned your PC, the trojan or attacker can then decrypt further files until the smartcard is "reset".

Still, it is all restricted to the timeframe the smartcard is active "inside" the hacked computer. At no point is the key fully compromised: the attacker can't copy the key to his own system, and he can't sign or decrypt anything without the smartcard being in a hacked computer at the time he wants to decrypt or sign.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
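
[Added example, not part of any post in this thread and not GnuPG or OpenPGP card code.] The card behaviour described in the messages above (no command that returns the key, forced signature PIN, decryption staying unlocked until reset, signature counter) can be modelled as follows. `ToyCard`, its method names and the sample PIN are hypothetical, and HMAC-SHA256 stands in for the card's private-key operations.

```python
import hashlib
import hmac
import secrets


class CardError(Exception):
    """The card refused a command."""


class ToyCard:
    """Hypothetical model of the card behaviour described in the thread.

    HMAC-SHA256 stands in for the card's private-key operations so that the
    example needs only the standard library.
    """

    def __init__(self, pin, forced_signature_pin=True):
        self._secret = secrets.token_bytes(32)  # stays on the card
        self._pin = pin
        self.forced_signature_pin = forced_signature_pin
        self.signature_counter = 0              # readable by the host
        self._sign_ok = False
        self._decrypt_ok = False

    def verify(self, pin, purpose):
        """Check the PIN and unlock either signing or decryption."""
        if purpose not in ("sign", "decrypt"):
            raise CardError("unknown purpose")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise CardError("wrong PIN")
        if purpose == "sign":
            self._sign_ok = True
        else:
            self._decrypt_ok = True

    def sign(self, digest):
        """Sign a hash computed by the host; the card never sees the document."""
        if not self._sign_ok:
            raise CardError("PIN required before signing")
        if self.forced_signature_pin:
            self._sign_ok = False               # one signature per PIN entry
        self.signature_counter += 1
        return hmac.new(self._secret, b"sig" + digest, hashlib.sha256).digest()

    def decipher(self, wrapped_key):
        """Stand-in for unwrapping a session key; stays unlocked until reset."""
        if not self._decrypt_ok:
            raise CardError("PIN required before decryption")
        mac = hmac.new(self._secret, b"dec" + wrapped_key, hashlib.sha256)
        return mac.digest()[:16]

    def read_private_key(self):
        raise CardError("no command returns the secret key")

    def reset(self):
        """Card removed or powered down: every unlock is forgotten."""
        self._sign_ok = False
        self._decrypt_ok = False


def accepted(command, *args):
    """True if the card carried out the command, False if it refused."""
    try:
        command(*args)
        return True
    except CardError:
        return False


def pinpad_reader_scenario():
    """PIN typed on the reader's own keypad: the compromised host never sees it."""
    card = ToyCard(pin="123456")                # constructed sample PIN
    intended = hashlib.sha256(b"document the user meant to sign").digest()
    other = hashlib.sha256(b"document the user never saw").digest()
    card.verify("123456", "sign")
    card.sign(intended)
    result = {
        "key_read_off_card": accepted(card.read_private_key),
        "second_signature_without_pin": accepted(card.sign, other),
    }
    card.verify("123456", "decrypt")
    card.decipher(b"wrapped session key 1")
    result["further_decryption_while_unlocked"] = accepted(
        card.decipher, b"wrapped session key 2")
    card.reset()
    result["decryption_after_reset"] = accepted(
        card.decipher, b"wrapped session key 3")
    result["signature_counter"] = card.signature_counter
    return result


def keyboard_pin_scenario():
    """PIN typed on the PC keyboard: host software that saw it can present it again."""
    card = ToyCard(pin="123456")
    card.verify("123456", "sign")
    card.sign(hashlib.sha256(b"document the user meant to sign").digest())
    card.verify("123456", "sign")               # PIN replayed by host software
    card.sign(hashlib.sha256(b"document the user never saw").digest())
    return card.signature_counter               # the user expected 1


if __name__ == "__main__":
    print(pinpad_reader_scenario())
    print("counter after PIN replay:", keyboard_pin_scenario())
```

A counter value higher than the number of signatures the user knowingly made is the check the signature counter makes possible.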
Re: private key protection
On 18/10/11 15:08, Jerome Baum wrote:
> It's one thing to be picky when it adds to the discussion proper. That
> would be the case when we're distinguishing between the key as it is
> stored on disk (encrypted, inside a key-file/-ring/...) and the key as
> it is stored in memory (unencrypted). That distinction is important when
> considering your attack vectors.
>
> But the distinction between a physical key and a cryptographic key isn't
> adding value to the discussion proper. It's being picky for the sake of it.

Yeah, that part was actually tongue-in-cheek. The part about not being picky at all wasn't.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: private key protection
On 18/10/11 15:05, Robert J. Hansen wrote:
>> IIRC "nowadays" is store a separate file per key?
>
> No, it's still a single file ("pubring.gpg", for instance, is the public
> keyring). I just can't promise that it's still a raw stream of RFC4880
> octets.

ls ~/.gnupg/private-keys-v1.d/

Peter.

PS: nowadays (adverb)
1. At the present time
2. In the current era
3. In GnuPG 2
;)

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: private key protection
> If someone sniffs your PIN, and has trojaned or rooted your computer, he could
> use your smartcard while it is still plugged in to your computer, just like you
> are using your smartcard.

If you're worried about this you should be able to find a smartcard reader with PIN entry that GnuPG supports. That way you never enter your PIN on the computer.

It doesn't prevent a trojan from signing something other than what you intended (if it's your master key on card, even another key or a new sub-key) but whether this is a problem depends on your threat model.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On 18/10/11 15:05, Robert J. Hansen wrote:
> On 10/18/2011 8:36 AM, Jerome Baum wrote:
>> Have you looked at my original statement?
>
> Yes.

Oddly, I don't recall Jerome ever making a statement remotely like "If I steal your decrypted key, ...". I only remember him stating that he thought, as did I, that the OP meant that he wanted ways to prevent people stealing his secret key material when he said: "what is the best way to protect your private key from getting stolen?". Anthony interpreted it as somebody stealing the keyring, and Jerome disagreed on that interpretation. As do I.

>> I recall making the distinction between a key* and a key-ring/-file,
>> not between a key-ring and a key-file.
>
> A distinction that has been lost on apparently everyone here. Please
> use accepted terminology.

When reading the thread, I wasn't for one moment confused about the intended meaning of the word "key" when Jerome used it. Funnily enough, Jerome was correcting Anthony, and Anthony replied: "Rereading the post, you're probably right." Which I think means the distinction was also not lost on Anthony.

>> If you look at the original context you'll see that my statement
>> wasn't so trivial.
>
> I have been: your statement is trivial.

Produce the exact trivial statement, please, in a quote. Otherwise we'll never be able to determine its triviality. Because I only see Jerome asserting:

- That the OP probably meant "raw secret key material" when he said key (my own phrasing)
- That the distinction between a keyring/-file and a key as he meant it was that the one was protected by a passphrase and the other was not, as it was the raw secret key material.

I don't see the triviality. What I do consider trivial is this silly bickering over who said what, when and what the other one meant when he wrote what he wrote.

> If the attacker already has read-wherever access to memory, the attacker
> can do orders of magnitude worse than steal private key material.

Just as a sidebar, I disagree. The access to my private key would be the worst thing, the rest of my computer memory is much less interesting.

> You're saying here, "if you assume the computer is already in a
> game-over condition, then it's game-over." Which is true, but it's also
> pretty close to the canonical example of trivial.

No, he never said that. It would come closer to truth to state he said it's game over, but he did not say that when it's game over, that then it's game over. I'm not going to assert what he actually meant when he said the exact words he said, because that is something which is out of reach for all of us except Jerome or a really good brainscanner attached to Jerome's head while he writes mails. Seriously.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: private key protection
On 2011-10-18 15:05, Robert J. Hansen wrote:
> On 10/18/2011 8:36 AM, Jerome Baum wrote:
>> I recall making the distinction between a key* and a key-ring/-file,
>> not between a key-ring and a key-file.
>
> A distinction that has been lost on apparently everyone here. Please
> use accepted terminology.

If "everyone" is three people, then yes.

>> The OP asked "how can I prevent people from stealing my key*?" and
>> one person answered "it's not a problem if people steal your key*,
>> because it's passphrase-protected."
>
> Assuming the passphrase is of high quality, that answer is *absolutely
> correct*.

Sure, if you take key to be the encrypted key. That's why I never said that the answer is wrong in any way. I just said we need to be careful to make this distinction.

>> In this context it might be a good idea to mention that stealing
>> your actual key* from memory _is_ a problem, while stealing your
>> key-file/-ring/-whatever is truly not so big a problem if your
>> passphrase holds up.
>
> If the attacker already has read-wherever access to memory, the attacker
> can do orders of magnitude worse than steal private key material.
> You're saying here, "if you assume the computer is already in a
> game-over condition, then it's game-over." Which is true, but it's also
> pretty close to the canonical example of trivial.

The OP asked for advice about protecting his key. I made the point that the key in memory is unprotected while the key on disk is protected. Lots of implications there (watch out for insecure memory on Windows, watch out for how you physically protect your computer, consider using a smart-card). How is this trivial*?

* http://www.merriam-webster.com/dictionary/trivial

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On 10/18/2011 9:08 AM, Jerome Baum wrote:
> Makes sense if there's no context. But there's context here --
> "cryptography". In that context, key means something specific.

This ain't EUROCRYPT or FINANCIAL CRYPTOGRAPHY. If you're reading professional journals that are talking about crypto in purely mathematical terms, then yes, 'key' means that.

However, in the context of OpenPGP and its predecessors there's about 20 years of precedent for using 'key' to reference the collection of subkeys, user IDs, user attributes, signatures, and so on. This goes back all the way to the early 1990s. Arguably we should be using 'certificate' to describe keys, but honestly, that's a losing battle: the community's inertia on the subject of 'key' is immense.
Re: private key protection
On 2011-10-18 14:48, Peter Lebbing wrote:
> On 18/10/11 14:36, Jerome Baum wrote:
>> * I'm going to take the word to mean what it says: "key", not what I can
>> flexibly interpret it as: "encrypted key".
>
> One of those metal things in my pocket? What good are they for encryption? Even
> if you manage to read it in, it still has way too little entropy...
>
> Or in other words: the word has multiple meanings. If you want to discuss stuff,
> you need to determine which of those meanings you're talking about, not attempt
> to constrict the definition of the ambiguous word. That'll only lead to
> bickering about which definition is the correct one.
>
> Peter.

Makes sense if there's no context. But there's context here -- "cryptography". In that context, key means something specific.

Say you're discussing search trees (the data structure) and someone comes up and starts talking about how binary trees are so efficient. Then I come along and say "hold on, binary trees aren't necessarily balanced, so the search time can even be linear". What's ambiguous here?

Now someone comes along and says "that's just stupid, obviously a binary tree is a balanced binary tree, and if you meant a binary tree that could be balanced or unbalanced then your statement is trivial".

In the context of the discussion (computer science), the "binary tree" isn't a piece of wood with leaves [that someone cut in half -- "binary" :)]. Even if we take "binary tree" at face value. Just like "key" in the context of cryptography doesn't mean a piece of metal, even at face value. (A physical key would usually be a "physical key" or something of the kind.)

It's one thing to be picky when it adds to the discussion proper. That would be the case when we're distinguishing between the key as it is stored on disk (encrypted, inside a key-file/-ring/...) and the key as it is stored in memory (unencrypted). That distinction is important when considering your attack vectors.

But the distinction between a physical key and a cryptographic key isn't adding value to the discussion proper. It's being picky for the sake of it.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On 18/10/11 14:53, takethe...@gmx.de wrote:
> I read a smartcard is simply a chip card. Why is it safe, what's a
> PIN? Say I'm using it on a PC with a trojan in the background
> that logs my keystrokes (my password) and can send data (my key)
> via internet to an attacker. How is access restricted to the key by
> the smartcard?

It's simply a chip card. Which means the same as: It's simply a computer. Only small and not very powerful.

The key never leaves the smartcard. It does the decryption and signing instead of your computer. Not of the whole file you decrypt or sign: in a hybrid cryptosystem like GnuPG, the private key (on the smartcard) is only used to decrypt or sign a very small piece of data. If you decrypt a file, the only thing decrypted by your private key is the "session key", which is a randomly generated key used to decrypt the actual file with symmetric encryption. If you sign a file, you sign a hash that is computed from the contents of the file. So the actual data transfer between PC and smartcard is small.

If someone sniffs your PIN, and has trojaned or rooted your computer, he could use your smartcard while it is still plugged in to your computer, just like you are using your smartcard. But he wouldn't have your raw secret key material and use it without also having access to the smartcard.

> Since the PC is "isolated" from the net, I don't need to be afraid of
> software keyloggers, trojans etc. I'm only vulnerable to
> physical/hardware attacks which are easier to notice for a person
> who's no computer expert.

A capable enough hacker might infect the USB pendrive while it is in your internet-connected PC and that way still gain access to the non-connected system.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: private key protection
On 10/18/2011 8:36 AM, Jerome Baum wrote:
> Have you looked at my original statement?

Yes.

> I recall making the distinction between a key* and a key-ring/-file,
> not between a key-ring and a key-file.

A distinction that has been lost on apparently everyone here. Please use accepted terminology.

> IIRC "nowadays" is store a separate file per key?

No, it's still a single file ("pubring.gpg", for instance, is the public keyring). I just can't promise that it's still a raw stream of RFC4880 octets.

> If you look at the original context you'll see that my statement
> wasn't so trivial.

I have been: your statement is trivial.

> The OP asked "how can I prevent people from stealing my key*?" and
> one person answered "it's not a problem if people steal your key*,
> because it's passphrase-protected."

Assuming the passphrase is of high quality, that answer is *absolutely correct*.

> In this context it might be a good idea to mention that stealing
> your actual key* from memory _is_ a problem, while stealing your
> key-file/-ring/-whatever is truly not so big a problem if your
> passphrase holds up.

If the attacker already has read-wherever access to memory, the attacker can do orders of magnitude worse than steal private key material. You're saying here, "if you assume the computer is already in a game-over condition, then it's game-over." Which is true, but it's also pretty close to the canonical example of trivial.
Re: private key protection
Monday, October 17, 2011, 11:30:48 PM, Robert wrote:
> Smartcard and a good PIN. That's pretty much the gold standard. It's
> not the best way (there is no 'best way'), but it's generally an
> excellent place to start from.

I read a smartcard is simply a chip card. Why is it safe, what's a PIN? Say I'm using it on a PC with a trojan in the background that logs my keystrokes (my password) and can send data (my key) via internet to an attacker. How is access restricted to the key by the smartcard?

> 3. The best way is to have one PC connected to the internet and
> another, without an internet connection (missing network drivers and
> a fully encrypted hard disk for instance), which you use to decrypt
> and encrypt messages. You use an USB stick to carry messages from
> the internet PC to the one not connected to the net. If you don't
> have two PCs, you can use another USB stick with privatix without network
> drivers on it.

Since the PC is "isolated" from the net, I don't need to be afraid of software keyloggers, trojans etc. I'm only vulnerable to physical/hardware attacks which are easier to notice for a person who's no computer expert.
Re: private key protection
On 18/10/11 14:36, Jerome Baum wrote:
> * I'm going to take the word to mean what it says: "key", not what I can
> flexibly interpret it as: "encrypted key".

One of those metal things in my pocket? What good are they for encryption? Even if you manage to read it in, it still has way too little entropy...

Or in other words: the word has multiple meanings. If you want to discuss stuff, you need to determine which of those meanings you're talking about, not attempt to constrict the definition of the ambiguous word. That'll only lead to bickering about which definition is the correct one.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: private key protection
On 2011-10-18 14:22, Robert J. Hansen wrote:
> On 10/18/2011 8:10 AM, Jerome Baum wrote:
>> If I manage to steal your private keyring, then yes the very strong
>> passphrase should grind my attempts to steal your key to a halt. If I
>> manage to steal your private _key_ OTOH, I don't need to get past your
>> passphrase as that doesn't come into play.
>
> Nonsense.
>
> Have you looked at how GnuPG stores a keyring? It's a sequential series
> of individual keys, one octet after another. There is no difference
> between an individual private key and a keyring containing one entry.

Have you looked at my original statement? I recall making the distinction between a key* and a key-ring/-file, not between a key-ring and a key-file.

> (Note: this was true as of early in the GnuPG 1.4 days, which was the
> last time I seriously looked at the code. I'm going from a memory a few
> years old here.)

IIRC "nowadays" is store a separate file per key?

> What you seem to be saying is "if I steal your decrypted key, which is
> to say the raw key material...". Well, okay: but we already know that's
> a game-over state, which makes your statement trivial.

If you look at the original context you'll see that my statement wasn't so trivial. The OP asked "how can I prevent people from stealing my key*?" and one person answered "it's not a problem if people steal your key*, because it's passphrase-protected."

In this context it might be a good idea to mention that stealing your actual key* from memory _is_ a problem, while stealing your key-file/-ring/-whatever is truly not so big a problem if your passphrase holds up.

* I'm going to take the word to mean what it says: "key", not what I can flexibly interpret it as: "encrypted key".

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On 10/18/2011 8:10 AM, Jerome Baum wrote:
> If I manage to steal your private keyring, then yes the very strong
> passphrase should grind my attempts to steal your key to a halt. If I
> manage to steal your private _key_ OTOH, I don't need to get past your
> passphrase as that doesn't come into play.

Nonsense.

Have you looked at how GnuPG stores a keyring? It's a sequential series of individual keys, one octet after another. There is no difference between an individual private key and a keyring containing one entry.

(Note: this was true as of early in the GnuPG 1.4 days, which was the last time I seriously looked at the code. I'm going from a memory a few years old here.)

What you seem to be saying is "if I steal your decrypted key, which is to say the raw key material...". Well, okay: but we already know that's a game-over state, which makes your statement trivial.
Re: private key protection
>> I'm going to lean very far out the window and assume he meant the actual
>> private key, not the private key-ring/-file/...
>
> I'm not sure I understand the distinction you're making there.

One is protected with a passphrase (i.e. it's encrypted), the other is in the clear.

If I manage to steal your private keyring, then yes the very strong passphrase should grind my attempts to steal your key to a halt. If I manage to steal your private _key_ OTOH, I don't need to get past your passphrase as that doesn't come into play.

cf. "Your private key being stolen isn't really that big of a deal."

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
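An added illustration of the distinction drawn in the message above (not code from this thread or from GnuPG): RFC 4880's iterated and salted string-to-key (S2K) function is what turns a passphrase into the symmetric key that encrypts secret key material in an OpenPGP key file, so a stolen file costs the attacker one full S2K run per passphrase guess, while stolen in-memory key material costs nothing. The sample salt, passphrase, coded count 96 and the `expected_guess_work` helper are assumptions chosen for the example.

```python
import hashlib


def s2k_decode_count(coded):
    """RFC 4880 3.7.1.3: expand the one-octet coded count to an octet count."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase, salt, coded_count,
                        key_len=16, hash_name="sha1"):
    """Derive key_len octets from a passphrase (RFC 4880 S2K type 3).

    salt + passphrase is hashed repeatedly until `count` octets have been
    fed to the hash. If more key octets are needed than one digest gives,
    further hash contexts are used, preloaded with 1, 2, ... zero octets.
    """
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # The whole salt+passphrase is always hashed at least once.
    count = max(s2k_decode_count(coded_count), len(data))
    block = data * 1024          # feed the hash in larger pieces for speed
    key = b""
    preload = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * preload)
        remaining = count
        while remaining >= len(block):
            h.update(block)
            remaining -= len(block)
        full, rest = divmod(remaining, len(data))
        h.update(data * full + data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]


def expected_guess_work(entropy_bits, coded_count):
    """Average octets an attacker must hash to find the passphrase.

    Assumes the passphrase is drawn uniformly from 2**entropy_bits
    candidates; on average half of them are tried.
    """
    return (2 ** (entropy_bits - 1)) * s2k_decode_count(coded_count)


if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")      # constructed sample salt
    key = s2k_iterated_salted(b"correct horse", salt, 96)
    print("octets hashed per guess:", s2k_decode_count(96))
    print("derived key:", key.hex())
    for bits in (20, 40, 128):
        print(bits, "bit passphrase ->",
              expected_guess_work(bits, 96), "octets hashed on average")
```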
Re: private key protection
On 10/17/2011 14:44, Jerome Baum wrote:
>> Your private key being stolen isn't really that big of a deal. If you
>> have a very strong passphrase, possessing your private key gives an
>> attacker almost no leverage. With a strong passphrase, the average
>> attacker isn't going to be able to break your key on modern hardware
>> and anyone who could break it probably doesn't need your private key
>> to decrypt your messages anyway.
>
> I'm going to lean very far out the window and assume he meant the actual
> private key, not the private key-ring/-file/...

I'm not sure I understand the distinction you're making there.

--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
Re: private key protection
On 10/17/11 5:18 PM, takethe...@gmx.de wrote:
> Hi everybody,
>
> what is the best way to protect
> your private key from getting stolen?

Page 29 (http://www.gnupg.org/gph/en/manual.html#AEN513) of the Gnu Privacy Handbook (http://www.gnupg.org/gph/en/manual.html) recommends a strong passphrase to protect the key. Another strategy is to create sub-keys derived from the private key and use those sub-keys for signing and encrypting anything. This would also mean that you export the public key of whichever sub-key you decide to use -- not your private key. As the use of the public sub-key cannot be used to derive the private key, utilizing the sub-key strategy may be the most sensible strategy.

> I think:
>
> 1. Using gnupg on a windows PC with internet connection is not good, because
> there are too many trojans out there.

In all fairness, the PC is as weak or strong as its user. In other words, if you are not willing to do the "nitty-gritty" and sometimes research as relentless in nature as Indiana Jones - regarding how you defend your operating system then believe it or not choosing Linux or the Mac won't save you from your laziness. Sorry, but that's the truth. You have to have your own drive to master whatever technology (mathematics, coding language, nuance and more) necessary to defend yourself, your family and your property. If you don't or won't make the effort -- understand that this is exactly what those who create malware rely upon. The other crowd who rely on your "lack of will" are the commercial entities who benefit from those who just want "someone else" to handle the details and who are willing to pay for whatever appears "on the shelf".

> 2. Using gnupg on a linux PC with internet connection (like privatix, see
> http://www.mandalka.name/privatix/index.html.en ) is better since there are
> fewer(?) security holes and trojans out there. How big do you think is the
> threat?

If you decide you are serious regarding Linux then Debian or Red Hat remain the two you should rely upon. Everyone else follows them. Of course, if you are really brave and really know what you are doing then Slackware is reliable. Again don't rely on anyone, especially in Linux, to provide you with a satisfactory and reliable defense if you have no clue as to how it works, or how you can repair it should something go wrong or how to improve its reliability as hacking and threat environments increase.

> 3. The best way is to have one PC connected to the internet and another,
> without an internet connection (missing network drivers and a fully encrypted
> hard disk for instance), which you use to decrypt and encrypt messages. You
> use an USB stick to carry messages from the internet PC to the one not
> connected to the net. If you don't have two PCs, you can use another USB
> stick with privatix without network drivers on it.
>
> Which software can I use under point 3 to put my messages in order (date,
> sender, etc.) on a linux system?
>
> Most people use something like point 2, don't they?
>
> Point 3 is the only satisfying to me, since I find it hard to judge the
> threat in point 2. Additionally point 3 makes it easier to see when your key
> might have been stolen: If you see traces that someone broke into your house
> and searched everything for the hidden privatix USB stick. Only experts might
> notice a trojan under point 2.
>
> Thanks for answers,
> Jan

I think I recall seeing that question (3) on a Computer Science exam. The truth, unfortunately, is that there is no "best way". Unfortunately, there is another level of system attack which was used successfully against HBGary and should be a tale elevated to the level of Grimm's Fairy Tales until it seeps into the unconscious and conscious level of each person's awareness. Read this article and I'm sure you'll get my point: http://www.theregister.co.uk/2011/03/17/hbgary_anon_hacker_interview/

HBGary believed its own hype regarding their sophistication and skills; simply stated as a corporation they failed the same way or close enough as the individual who believes s/he is a "legend - in their own mind". The trap very similar to that limited thought is to believe that your system is safe because it is isolated; in fact the weakness of your system (regardless what you buy) is really -- you. This side of the problem can be intuited by understanding how many people fall for the Nigerian or Russian or other scam ploy every day. In other words, be aware of your own susceptibility to being tricked, taken, and misled such as when we are distracted. It is one thing to be enjoyably tricked at a magic show, quite another emotion is experienced when your data is stolen and you have no clue how or why until you realize that it was your fault for trusting so and so.

I have no intention of being overly discouraging as much as underlying the fundamentals regarding why computer security, encryption methods, etc. are const
Re: private key protection
> Your private key being stolen isn't really that big of a deal. If you
> have a very strong passphrase, possessing your private key gives an
> attacker almost no leverage. With a strong passphrase, the average
> attacker isn't going to be able to break your key on modern hardware
> and anyone who could break it probably doesn't need your private key
> to decrypt your messages anyway.

I'm going to lean very far out the window and assume he meant the actual private key, not the private key-ring/-file/...

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
Re: private key protection
On Mon, Oct 17, 2011 at 4:18 PM, wrote:
>
> what is the best way to protect
> your private key from getting stolen?

Your private key being stolen isn't really that big of a deal. If you have a very strong passphrase, possessing your private key gives an attacker almost no leverage. With a strong passphrase, the average attacker isn't going to be able to break your key on modern hardware and anyone who could break it probably doesn't need your private key to decrypt your messages anyway.

Anthony
Re: private key protection
On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum wrote:
>> Your private key being stolen isn't really that big of a deal. If you
>> have a very strong passphrase, possessing your private key gives an
>> attacker almost no leverage. With a strong passphrase, the average
>> attacker isn't going to be able to break your key on modern hardware
>> and anyone who could break it probably doesn't need your private key
>> to decrypt your messages anyway.
>
> I'm going to lean very far out the window and assume he meant the actual
> private key, not the private key-ring/-file/...

Rereading the post, you're probably right.
Re: private key protection
On Mon, Oct 17, 2011 at 4:44 PM, Jerome Baum wrote:
>> Your private key being stolen isn't really that big of a deal. If you
>> have a very strong passphrase, possessing your private key gives an
>> attacker almost no leverage. With a strong passphrase, the average
>> attacker isn't going to be able to break your key on modern hardware
>> and anyone who could break it probably doesn't need your private key
>> to decrypt your messages anyway.
>
> I'm going to lean very far out the window and assume he meant the actual
> private key, not the private key-ring/-file/...

Correct assumption. :-)
Re: private key protection
On 10/17/11 5:18 PM, takethe...@gmx.de wrote:
> what is the best way to protect your private key from getting
> stolen?

Smartcard and a good PIN. That's pretty much the gold standard. It's not the best way (there is no 'best way'), but it's generally an excellent place to start from.

> 1. Using gnupg on a windows PC with internet connection is not good,
> because there are too many trojans out there.

Let's be cautious here: if using GnuPG on a Windows PC with an internet connection is not good, then using GnuPG on a Linux machine with an internet connection is not good, either.

Turenne once wrote, "when a general makes no mistakes in war, it is because he has not been at it long." The same can be said of system administrators: when a sysadmin has never lost a box to an exploit, it is because he or she has not been at the job very long.

> 2. Using gnupg on a linux PC with internet connection (like privatix,
> see http://www.mandalka.name/privatix/index.html.en ) is better since
> there are fewer(?) security holes and trojans out there.

I emphatically disagree with this.

> 3. The best way

"The best way" is almost always a misnomer. Everyone has different needs and is targeted by different threats: what's "best" for you will likely be very bad for someone else.
private key protection
Hi everybody,

what is the best way to protect your private key from getting stolen?

I think:

1. Using gnupg on a windows PC with internet connection is not good, because there are too many trojans out there.

2. Using gnupg on a linux PC with internet connection (like privatix, see http://www.mandalka.name/privatix/index.html.en ) is better since there are fewer(?) security holes and trojans out there. How big do you think is the threat?

3. The best way is to have one PC connected to the internet and another, without an internet connection (missing network drivers and a fully encrypted hard disk for instance), which you use to decrypt and encrypt messages. You use an USB stick to carry messages from the internet PC to the one not connected to the net. If you don't have two PCs, you can use another USB stick with privatix without network drivers on it.

Which software can I use under point 3 to put my messages in order (date, sender, etc.) on a linux system?

Most people use something like point 2, don't they?

Point 3 is the only satisfying to me, since I find it hard to judge the threat in point 2. Additionally point 3 makes it easier to see when your key might have been stolen: If you see traces that someone broke into your house and searched everything for the hidden privatix USB stick. Only experts might notice a trojan under point 2.

Thanks for answers,
Jan