| 1 |
On Mon, Nov 11, 2013 at 11:22:29AM +0100, Ulrich Mueller wrote: |
| 2 |
> > 3.2. RSA 4096 bits exactly. |
| 3 |
> Isn't it overkill to use 4096 bits for the signing subkey? I'd expect |
| 4 |
> that the level of protection of the keys themselves in a typical |
| 5 |
> developer's environment is far from being a match for this. (Do all |
| 6 |
> devs use a machine for signing that is isolated from the internet? |
| 7 |
> Or use a smartcard, at least?) |
| 8 |
In the original thread, I posted timing data on slow & fast systems for |
| 9 |
RSA3072 vs RSA4096. Even on a slow system, RSA4096 wasn't that much |
| 10 |
slower. |
| 11 |
|
| 12 |
> Also 4096 bits are generally not supported by smartcards. For example, |
| 13 |
> the OpenPGP card (see http://www.g10code.de/p-card.html) in its newest |
| 14 |
> version supports RSA up to 3072 bits only. |
| 15 |
Wrong, many cards support 4096-bit, including this card. The printed |
| 16 |
statement on the card was for GnuPG at the time of release, the hardware |
| 17 |
DOES support RSA4096 fine. |
| 18 |
|
| 19 |
I will add one very strong recommendation for any smartcard user: By |
| 20 |
design, it's possible to import secret keys ONTO a smartcard, but NOT |
| 21 |
export them. Make a backup of your secret keys & revocation certificate |
| 22 |
and don't put the ONLY copy of your secret key on a smartcard. |
| 23 |
|
| 24 |
OpenPGP Card / Zeitcontrol: |
| 25 |
http://www.g10code.de/p-card.html |
| 26 |
http://shop.kernelconcepts.de/product_info.php?products_id=141 |
| 27 |
This is the Zeitcontrol BasicCard, with an OpenPGP payload. There was an |
| 28 |
older v1.0 & v1.1 implementation of the card (non-Zeitcontorol), and |
| 29 |
that only supports RSA1024, but those cards are a decade old now. |
| 30 |
|
| 31 |
Crypto-Stick: |
| 32 |
https://www.crypto-stick.com/ |
| 33 |
Integrated smartcard-in-USB form factor, supports RSA4096 in the v2 |
| 34 |
variant. |
| 35 |
|
| 36 |
OpenPGP-Card: |
| 37 |
https://github.com/FluffyKaon/OpenPGP-Card |
| 38 |
This is a fully open-source implementation of the OpenPGP SmartCard v2 |
| 39 |
spec. It has a slight catch in that most JavaCards only support up to |
| 40 |
RSA2048. If you load it on a BasicCard, RSA4096 will work. |
| 41 |
|
| 42 |
FST-01: |
| 43 |
http://www.seeedstudio.com/wiki/FST-01 |
| 44 |
Open-hardware version, also RSA2048 max due to hardware, also takes |
| 45 |
~1.5s to make a signature. |
| 46 |
|
| 47 |
Usage instructions for any of the above: |
| 48 |
https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card |
| 49 |
http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups |
| 50 |
|
| 51 |
Notes: |
| 52 |
There are no cards that implement DSA, or ECDSA yet, at least until |
| 53 |
RFC6979 is available in hardware: |
| 54 |
http://gnupg.10057.n7.nabble.com/New-GPLv3-OpenPGP-card-implementation-on-a-java-card-td32949.html |
| 55 |
|
| 56 |
There was at least one other USB-based card I'd seen in person, but I |
| 57 |
can't remember the name or find any references, I think it was at a |
| 58 |
prototype state, so probably didn't make it to market. |
| 59 |
|
| 60 |
> The following XKCD comic summarises the issue quite well. :-) |
| 61 |
> http://xkcd.com/538/ |
| 62 |
I referenced this comic already in the thread earlier in this year. |
| 63 |
If the well-funded-attacker wants to get into Gentoo, there are many |
| 64 |
easier ways to do it, including |
| 65 |
|
| 66 |
-- |
| 67 |
Robin Hugh Johnson |
| 68 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 69 |
E-Mail : robbat2@g.o |
| 70 |
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 |
Archives