On Mon, Nov 11, 2013 at 11:22:29AM +0100, Ulrich Mueller wrote:
> > 3.2. RSA 4096 bits exactly.
> Isn't it overkill to use 4096 bits for the signing subkey? I'd expect
> that the level of protection of the keys themselves in a typical
> developer's environment is far from being a match for this. (Do all
> devs use a machine for signing that is isolated from the internet?
> Or use a smartcard, at least?)
In the original thread, I posted timing data on slow & fast systems for
RSA3072 vs RSA4096. Even on a slow system, RSA4096 wasn't that much
slower.

> Also 4096 bits are generally not supported by smartcards. For example,
> the OpenPGP card (see http://www.g10code.de/p-card.html) in its newest
> version supports RSA up to 3072 bits only.
Wrong, many cards support 4096-bit, including this card. The printed
statement on the card was for GnuPG at the time of release, the hardware
DOES support RSA4096 fine.

I will add one very strong recommendation for any smartcard user: By
design, it's possible to import secret keys ONTO a smartcard, but NOT
export them. Make a backup of your secret keys & revocation certificate
and don't put the ONLY copy of your secret key on a smartcard.

OpenPGP Card / Zeitcontrol:
http://www.g10code.de/p-card.html
http://shop.kernelconcepts.de/product_info.php?products_id=141
This is the Zeitcontrol BasicCard, with an OpenPGP payload. There was an
older v1.0 & v1.1 implementation of the card (non-Zeitcontrol), and
that only supports RSA1024, but those cards are a decade old now.

Crypto-Stick:
https://www.crypto-stick.com/
Integrated smartcard-in-USB form factor, supports RSA4096 in the v2
variant.

OpenPGP-Card:
https://github.com/FluffyKaon/OpenPGP-Card
This is a fully open-source implementation of the OpenPGP SmartCard v2
spec. It has a slight catch in that most JavaCards only support up to
RSA2048. If you load it on a BasicCard, RSA4096 will work.

FST-01:
http://www.seeedstudio.com/wiki/FST-01
Open-hardware version, also RSA2048 max due to hardware, also takes
~1.5s to make a signature.

Usage instructions for any of the above:
https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card
http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups

Notes:
There are no cards that implement DSA, or ECDSA yet, at least until
RFC6979 is available in hardware:
http://gnupg.10057.n7.nabble.com/New-GPLv3-OpenPGP-card-implementation-on-a-java-card-td32949.html

There was at least one other USB-based card I'd seen in person, but I
can't remember the name or find any references, I think it was at a
prototype state, so probably didn't make it to market.

> The following XKCD comic summarises the issue quite well. :-)
> http://xkcd.com/538/
I referenced this comic already in the thread earlier in this year.
If the well-funded-attacker wants to get into Gentoo, there are many
easier ways to do it, including

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85