RE: [suse-security] public key encryption
I am wondering if people would comment on a security configuration where a PGP public key and private key are both well known, but the private key is protected with a very strong passphrase. Let's assume that in this case, that is the only security I can guarantee. How safe would messages encrypted with the public key be?
The maximum strength is determined by the passphrase. Weaknesses in the private key file format or other things could well lower the strength of the private key's secrecy.

For a provocative question, define "a very strong passphrase". Why is the secret key in the hands of someone who mustn't have it? Is this party the root user?

Tobias
For my purpose, I have to assume that someone can hack into the machine storing the encrypted data, and also break into the machine storing the passphrase-protected private key, because they are different users on my one and only machine. Only my passphrase is off-site. So let's assume the passphrase is 30 random digits.

Dale.

-----Original Message-----
From: Reckhard, Tobias [mailto:tobias.reckhard@secunet.com]
Sent: Wednesday, October 16, 2002 11:49 PM
To: suse-security@suse.com
Subject: RE: [suse-security] public key encryption
I am wondering if people would comment on a security configuration where a PGP public key and private key are both well known, but the private key is protected with a very strong passphrase. Let's assume that in this case, that is the only security I can guarantee. How safe would messages encrypted with the public key be?
The maximum strength is determined by the passphrase. Weaknesses in the private key file format or other things could well lower the strength of the private key's secrecy.

For a provocative question, define "a very strong passphrase". Why is the secret key in the hands of someone who mustn't have it? Is this party the root user?

Tobias

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
On Thu, Oct 17, 2002 at 12:05:33AM -0700, Dale (as zippy) wrote:
For my purpose, I have to assume that someone can hack into the machine storing the encrypted data, and also break into the machine storing the passphrase-protected private key, because they are different users on my one and only machine. Only my passphrase is off-site.
So let's assume the passphrase is 30 random digits.
And you keep that on a post-it note in your wallet? :-)

The problem with pass phrases is that the really strong ones (like 30 random digits) are impossible to remember. Memorizing pass phrases usually requires that they're based on words, sentences, etc, to which you may apply some obfuscation rules to add non-alphanumeric characters - like c00l d00d 3nc0d1ng. Dictionary attacks on pass phrases are definitely possible, and if the key is valuable, throwing lots of computing power at it may not be the issue.

Crypto issues aside, there's a very practical question. Which is, will you use the private key on a machine your potential adversary has access to. If you do, your biggest worry should be that s/he snoops on your tty input and copies your pass phrase as you type it.

In general, I think it's a bad idea to store your private key somewhere where you have reason to worry that it gets stolen by an attacker, or modified.

I would recommend using a smart card in this case, because you can remove it if you don't need it, and the private key never leaves the card - all operations are performed on-card. So an attacker cannot copy your key to his private machine and try to decrypt it etc. In addition, if keyboard snooping is an issue, you can even use a card reader with a keypad, so that you can enter the PIN without involvement from the host OS.

Olaf

--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
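Added example, not part of the original thread: a small strength estimator that contrasts the two passphrases mentioned above, 30 random digits and the obfuscated word phrase "c00l d00d 3nc0d1ng". The word list, the dictionary size of 100,000 and the substitution table are assumptions made for illustration, and the digit string is a constructed sample.

```python
import math

# Constructed stand-in for a cracking dictionary; real ones hold far more entries.
WORDLIST = {"cool", "dood", "dude", "encoding", "secret"}
ASSUMED_DICT_SIZE = 100_000   # assumption: words in a realistic dictionary
LEET = str.maketrans("013457$@", "oieastsa")   # undo common substitutions
SWAPPABLE = set("oieast")     # letters that have a leet variant above


def charset_bits(passphrase):
    """Naive upper bound: every character is an independent uniform draw."""
    pool = 0
    pool += 10 if any(c.isdigit() for c in passphrase) else 0
    pool += 26 if any(c.islower() for c in passphrase) else 0
    pool += 26 if any(c.isupper() for c in passphrase) else 0
    pool += 33 if any(not c.isalnum() for c in passphrase) else 0
    return len(passphrase) * math.log2(pool) if pool else 0.0


def dictionary_bits(passphrase):
    """Cost for a guesser who tries dictionary words plus leet variants.

    Returns None when some token is not a (de-obfuscated) dictionary word.
    """
    tokens = passphrase.lower().split()
    if not tokens:
        return None
    bits = 0.0
    for token in tokens:
        plain = token.translate(LEET)
        if plain not in WORDLIST:
            return None
        bits += math.log2(ASSUMED_DICT_SIZE)           # choosing the word
        bits += sum(ch in SWAPPABLE for ch in plain)   # ~1 bit per swappable letter
    return bits


def effective_bits(passphrase):
    """Strength against the cheaper of the two guessing strategies."""
    by_dict = dictionary_bits(passphrase)
    by_chars = charset_bits(passphrase)
    return by_chars if by_dict is None else min(by_chars, by_dict)


if __name__ == "__main__":
    # Constructed samples; a real digit passphrase must come from a CSPRNG.
    for sample in ("314159265358979323846264338327", "c00l d00d 3nc0d1ng"):
        print(f"{sample!r}: naive {charset_bits(sample):.1f} bits, "
              f"effective {effective_bits(sample):.1f} bits")
```

The obfuscated phrase looks stronger than the digits when only character classes are counted, but drops to roughly half that once the guesser is assumed to know the substitution rules.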
I would recommend using a smart card in this case, because you can remove it if you don't need it, and the private key never leaves the card - all operations are performed on-card. So an attacker cannot copy your key to his private machine and try to decrypt it etc. In addition, if keyboard snooping is an issue, you can even use a card reader with a keypad, so that you can enter the PIN without involvement from the host OS.
Does the actual (as in 'the one that comes with suse 8.0') gpg do smartcards?

If so, which reader / card combo would I need? I _DO_ have a card terminal from towitoko somewhere...

bye, [MH]
You can also use a USB disk (pen sized) with FLASH memory if you have problems running a smart card. I prefer the smart card but USB disks are cheaper, and are compatible with all OS that have USB plug_and_play support, and do the trick...

Just mount the disk when you need the private key and unmount when you don't, so you can keep the small USB disk with you.

cheers
/valter

On Thu, 2002-10-17 at 09:46, Mathias Homann wrote:
I would recommend using a smart card in this case, because you can remove it if you don't need it, and the private key never leaves the card - all operations are performed on-card. So an attacker cannot copy your key to his private machine and try to decrypt it etc. In addition, if keyboard snooping is an issue, you can even use a card reader with a keypad, so that you can enter the PIN without involvement from the host OS.
Does the actual (as in 'the one that comes with suse 8.0') gpg do smartcards?
If so, which reader / card combo would I need? I _DO_ have a card terminal from towitoko somewhere...
bye, [MH]
--
Valter Santos
vsantola@devfusion.net
http://devfusion.net/~vsantola/keys/
The main point for using a smart card (with crypto processor) is that all crypt operations are performed on the card. The private key itself doesn't leave the memory of the card; it is very hard to extract that key from the card (normally these cards are (should be :) ) quite tamper resistant).

The encrypted key lying around on a system is a weak point. Most applications (gpg, ssh?) check if the file that stores the encrypted key has the right permissions (e.g. can only be read by the user .. I know root can also). But if you can't trust root, well, you can't trust anything. It's very easy to keylog your passphrase. And I'd say that in 90% of the cases this would be cheaper to do than to break the encryption (passphrase).

The only method that I see as secure is to have a "trusted" device that signs/crypts for you (e.g. smart cards). But that opens up another can of worms... How can I be sure that the form that my smart card signs after I enter the PIN on my reader is actually the form that is displayed on my screen? So the future is a smartcard with a display? A handheld? A "palladium" system (god beware!)?

peace,
Tom

Valter Santos wrote:
You can also use a USB disk (pen sized) with FLASH memory if you have problems running a smart card. I prefer the smart card but USB disks are cheaper, and are compatible with all OS that have USB plug_and_play support, and do the trick...
Just mount the disk when you need the private key and unmount when you don't, so you can keep the small USB disk with you.
cheers /valter
participants (6)
- Dale (as zippy)
- Mathias Homann
- Olaf Kirch
- Reckhard, Tobias
- Thomas Seliger
- Valter Santos