On Wed, Feb 20, 2013 at 01:34:57AM +0100, Stefan Behte wrote:
> > 2. root key & signing subkey of EITHER:
> > 2.1. DSA, 1024 or 2048 bits
> > 2.2. RSA, >=2048 bits
...
> 1024 DSA keys seem pretty short to me. Surely it might be inconvenient
> for some (2-3? please write a mail here!) people with smart cards. But
> then again, especially people going through the hell of using a
> physical token would understand the need for decent crypto. ;)
A physical token defends against a different method of attack than a
longer key. Simply having a longer key isn't going to help you if you store
the key on the laptop and it gets compromised (presuming the attacker
extracts your secret key and passphrase). In such a case, the smartcard
at worst limits him to doing some number of signatures only, or even
better if the reader has a hardwired pinpad, he gets nowhere at all.

Also, if there is a Well-Funded-Organization attacking Gentoo, there are
MUCH more effective ways for them to compromise us. Any perceived gains
in that field from requiring DSA2048 and blocking DSA1024 should be
examined very closely.

> I think key rotation is overdoing it and pretty annoying. Better use a
> non-annoying, long key from the start?
NOWHERE did I require key rotation. Why do you think that I did?
My own key is more than a decade old. I need to see about replacing it
soon, but I've been trying to hold out for the OpenPGP standard to have
ECC included, before I repeat getting my extremely large web-of-trust.

> > 4. If you intend to sign on a slow alternative-arch, you may find
> > adding a DSA1024 subkey significantly speeds up the signing.
> How slow is that actually? Does it make signing very inconvenient?
> Maybe someone with a slow machine can write about performance and the
> "annoyance-factor"... ;)
Some benchmark results from hake.hppa.dev.g.o, 552MHz PA-RISC box.

Average of running clearsign ~100 times, for various signature types.
The gpg.conf was set as in my initial post.

DSA1024 0.059830s
DSA2048 0.158800s
DSA3072 0.274850s
RSA1024 0.060020s
RSA2048 0.173070s
RSA4096 0.896480s

For reasons of time, while I wanted to create the keys on the host as
well for timing, I gave up after the first key, DSA1024, took more than
3 minutes (I did ensure that /dev/random was not the blocking factor).

If somebody from MIPS or m68k wants to chime in, I think they probably
have the slowest hardware around presently.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
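
The size rule quoted at the top of this message (root key and signing subkey: DSA 1024 or 2048 bits, or RSA >= 2048 bits) can be checked mechanically against `gpg --list-keys --with-colons` output. The sketch below is an added example, not part of the original email or of Gentoo's tooling; the sample listing and key IDs are constructed, and skipping revoked or expired keys is an assumption the quoted text does not state.

```python
"""Added example: check gpg colon listings against the quoted key-size rule."""
RSA, DSA = "1", "17"  # OpenPGP public-key algorithm IDs (RFC 4880)
NAMES = {RSA: "RSA", DSA: "DSA"}

# Constructed sample in `gpg --list-keys --with-colons` format (not real keys).
SAMPLE = """\
pub:u:2048:17:AAAAAAAAAAAAAAA1:1361318400:::u:::scESC:
uid:u::::1361318400::0000::Constructed Dev <dev1@example.org>:
sub:u:1024:17:AAAAAAAAAAAAAAA2:1361318400::::::s:
sub:u:2048:16:AAAAAAAAAAAAAAA3:1361318400::::::e:
pub:u:1024:1:BBBBBBBBBBBBBBB1:1361318400:::u:::scESC:
sub:u:3072:17:BBBBBBBBBBBBBBB2:1361318400::::::s:
sub:r:1024:1:BBBBBBBBBBBBBBB3:1361318400::::::s:
"""

def size_allowed(algo, bits):
    """Quoted rule: DSA 1024 or 2048 bits, or RSA >= 2048 bits."""
    if algo == DSA:
        return bits in (1024, 2048)
    if algo == RSA:
        return bits >= 2048
    return False  # other algorithms are outside the quoted rule

def check_listing(colon_text):
    """Return (keyid, role, type) for each root key or signing subkey that fails."""
    violations = []
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        validity, bits, algo, keyid, caps = f[1], int(f[2]), f[3], f[4], f[11]
        if f[0] == "pub":
            role = "root key"
        elif "s" in caps:  # lowercase 's' = this subkey can sign
            role = "signing subkey"
        else:
            continue  # encryption-only subkeys are not covered by the rule
        if validity in ("r", "e"):  # assumption: ignore revoked/expired keys
            continue
        if not size_allowed(algo, bits):
            violations.append((keyid, role, NAMES.get(algo, "algo" + algo) + str(bits)))
    return violations

if __name__ == "__main__":
    for keyid, role, kind in check_listing(SAMPLE):
        print(f"{keyid}: {role} is {kind}, outside the quoted rule")
```

Applied literally, the quoted rule also rejects DSA3072 even though it appears in the benchmark table, since item 2.1 lists only 1024 and 2048 bits.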