iButton Crypto (Slightly off topic)
Wed, 8 Mar 2000 01:48:35 +0300
On Tue, Mar 07, 2000 at 09:54:16AM +0100, Werner Koch wrote:
> On Mon, 6 Mar 2000, Michael Sobolev wrote:
> > Does it mean that you think it's not a very good idea to use iButtons to store
> > the secret keys? What's the point of storing *a part* of the passphrase?
> There is not much need to do so. With a good passphrase your secret
> key is protected very well - a random string stored in a iButton gives
> a very good passphrase. What happens if you lose your iButton with
> the secret key? - It is not so difficult to get it out of that device.
> If you just lose your iButton with the passphrase, an attacker must
> find that button and get access to your secret key (and the additional
> The secret key has to be transferred to your desktop box anyway
> because the iButton is not fast enough to do the crypto operations.
> And a memory only iButton is much cheaper.
No, I do not take into account crypto iButtons... :)
(I have quoted all of your message)
If you do not mind, I'd like to clarify [to myself] few things.
If you just have a pair of keys, then according to the known practices it is
recommended to generate a revokation certificate as soon as you generate a key
pair, correct? So if you loose your iButton, you just issue (send our,
whatever :) you revokation certificate, and everything is fine, right? So
I do not see too big problem with loosing the iButton itself.
But if I choose to use my iButton for passphrase only, that means that I have
to use many keys should I work (in general sense) in many places, which does
not seem to be very good for me. What do you think?
Besides, I believe the current implementation of gnupg does not allow to
use something like
gpg --secret-keyring=extension:/some/path/or/similar ...
Are you planning to add support for things like this?