key generation: paranoia mode - explicit random input
Hauke Laging
mailinglisten at hauke-laging.de
Wed Feb 26 06:08:41 CET 2014
Hello,

I just got asked: "How do I know that GnuPG in distro XY is not
compromised?"

The answer to this question is long and unpleasant.

Thinking about that I had an idea – once more I can just hope it's new.

One of the worst problems is that key generation might be compromised. I
think this is the worst case because THEY would not even have to steal
your key any more. And clever modifications to random data are hard to
detect.

I suggest adding a new key generation mode. The only difference would be
that the random input is not read from /dev/random any more (and that
random_seed would not be used or newly initialized) but from an explicit
source: --random-source /path/to/file. With that (I guess very small)
change every GnuPG installation should generate the same key material
(of course, the timestamps would have to be given, too).

Then people who need a very high level of security could create a pool
of random data (e.g. by reading from /dev/random) and use this data and
the same timestamps with different Linux distros, even with Windows. ;-)

If the generated keys are exactly the same on all systems then it is
very improbable that the key generation has been compromised (or all is
lost anyway).

This would be much easier (and thus available to normal people) than
attempts to audit a distro.
Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5