| 1 |
On Wed, Feb 20, 2013 at 01:34:57AM +0100, Stefan Behte wrote: |
| 2 |
> > 2. root key & signing subkey of EITHER: 2.1. DSA, 1024 or 2048 bits |
| 3 |
> > 2.2. RSA, >=2048 bits |
| 4 |
... |
| 5 |
> 1024 DSA keys seem pretty short to me. Surely it might be inconvenient |
| 6 |
> for some (2-3? please write a mail here!) people with smart cards. But |
| 7 |
> then again, especially people going through the hell of using a |
| 8 |
> physical token would understand the need for decent crypto. ;) |
| 9 |
A physical token defends against a different method of attack than a |
| 10 |
longer key. Simply having a longer key isn't going to help you if store |
| 11 |
the key on the laptop and it gets compromised: presuming the attacker |
| 12 |
extracts your secret key and passphrase). In such a case, the smartcard |
| 13 |
at worst limits him to doing some number of signatures only, or even |
| 14 |
better if the reader has a hardwired pinpad, he gets nowhere at all. |
| 15 |
|
| 16 |
Also, if there is a Well-Funded-Organization attacking Gentoo, there are |
| 17 |
MUCH more effective ways for them to compromise us. Any perceived gains |
| 18 |
in that field from requiring DSA2048 and blocking DSA1024 should be |
| 19 |
examined very closely. |
| 20 |
|
| 21 |
> I think key rotation is overdoing it and pretty annoying. Better use a |
| 22 |
> non-annoying, long key from the start? |
| 23 |
NOWHERE did I require key rotation. Why do you think that I did? |
| 24 |
My own key is more than a decade old. I need to see about replacing it |
| 25 |
soon, but I've been trying to hold out for the OpenPGP standard to have |
| 26 |
ECC included, before I repeat getting my extremely large web-of-trust. |
| 27 |
|
| 28 |
> > 4. If you intend to sign on a slow alternative-arch, you may find |
| 29 |
> > adding a DSA1024 subkey significantly speeds up the signing. |
| 30 |
> How slow is that actually? Does it make signing very inconvenient? |
| 31 |
> Maybe someone with a slow machine can write about performance and the |
| 32 |
> "annoyence-factor"... ;) |
| 33 |
Some benchmark results from hake.hppa.dev.g.o, 552Mhz PA-RISC box. |
| 34 |
|
| 35 |
Average of running clearsign ~100 times, for various signature types. |
| 36 |
The gpg.conf was set as in my initial post. |
| 37 |
|
| 38 |
DSA1024 0.059830s |
| 39 |
DSA2048 0.158800s |
| 40 |
DSA3072 0.274850s |
| 41 |
RSA1024 0.060020s |
| 42 |
RSA2048 0.173070s |
| 43 |
RSA4096 0.896480s |
| 44 |
|
| 45 |
For reasons of time, while I wanted to create the keys on the host as |
| 46 |
well for timing, I gave up after the first key, DSA1024, took more than |
| 47 |
3 minutes (I did ensure that /dev/random was not the blocking factor). |
| 48 |
|
| 49 |
If somebody from MIPS or m68k wants to chime in, I think they probably |
| 50 |
have the slowest hardware around presently. |
| 51 |
|
| 52 |
-- |
| 53 |
Robin Hugh Johnson |
| 54 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 55 |
E-Mail : robbat2@g.o |
| 56 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
Archives