Secret key storage question

Sam Roberts sroberts at certicom.com
Tue Jun 18 23:18:02 CEST 2002


Wrote Gordon Worley <redbird at rbisland.cx>, on Tue, Jun 18, 2002 at 01:10:36PM -0400:
> On Tuesday, June 18, 2002, at 12:19  PM, Frank Tobin wrote:
> >Gordon Worley, on 2002-06-18, wrote:
> I use length assuming a passphrase made up of random bits.  My reason 
> for bringing this up is that some users want to use Apple's Keychain 
> program, which keeps all of their passphrases in one location, with the 
> Mac GPG applications.  Before I looked at implementing this, though, I 
> wanted to know if there would be some benefit (i.e. there's some real 
> improved difficulty in hacking the key if someone got hold of your 
> secret keyring and the passphrase is long and random enough that the 
> user couldn't remember it without a program like Keychain).

It's possible that the Keychain program has some way of dealing with this,
and/or you've already thought about this, but here's something to think
about:

If you use a long random passphrase for your gpg secret key ring, that
increases your security. If you store that in Keychain, and Keychain
uses a short easy-to-remember passphrase, you have no more security than
if you had used that short passphrase for the gpg key ring. The system
is only as strong as the weakest link.

So, unless Keychain uses a non-password based technique for security (ID
cards, bio-metrics, ...), the user STILL has to remember at least one long
good passphrase. 

That said, you could argue that instead of remembering really long good
different pass phrases for gpg, and your cheque book, and the root
logins on your 4 servers, etc., you can auto-generate really good ones
for all those things, and then remember only ONE good passphrase. This
would be more convenient. Remember that if, for some reason, the Keychain
passphrase IS broken (maybe somebody sees you type it?) then the
attacker also has access to ALL your keys.

Anyhow, I'd say it's better to use Keychain with a really good pass
phrase for it, than to try and remember 5 different pass phrases (at
least with my memory) so it may be a good idea. Just remember that your
insanely great gpg passphrase is still only as secure as whatever
passphrase, or other technique, that Keychain uses.

> Also, can the passphrase be any string of bits (lumped into bytes before 
> giving it to GnuPG), or are there some limitations?

Even if you have a random string of bits for a passphrase and gpg chokes
on non-ascii characters you can always get gpg to accept it by breaking
it into 4 bit chunks, and mapping each chunk to a character in the
printable ascii range. The string will be twice as long, but have the
same entropy.

Sam

-- 
Sam Roberts <sroberts at certicom.com>
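
The 4-bit chunk mapping and the weakest-link point from the message above, as an added example that is not part of the original post. The 16-character alphabet and all function names are assumptions chosen for illustration, and the entropy figures assume uniformly random passphrases.

```python
import math
import secrets

# Constructed 16-symbol alphabet: one printable ASCII character per 4-bit value.
# Any 16 distinct printable characters would do; this choice is an assumption.
ALPHABET = "abcdefghijklmnop"
DECODE = {ch: i for i, ch in enumerate(ALPHABET)}


def encode_nibbles(raw: bytes) -> str:
    """Map each byte to two printable characters (high nibble first)."""
    return "".join(ALPHABET[b >> 4] + ALPHABET[b & 0x0F] for b in raw)


def decode_nibbles(text: str) -> bytes:
    """Inverse of encode_nibbles; rejects odd lengths and foreign characters."""
    if len(text) % 2:
        raise ValueError("encoded passphrase must have an even length")
    try:
        vals = [DECODE[ch] for ch in text]
    except KeyError as exc:
        raise ValueError(f"character {exc.args[0]!r} not in alphabet") from None
    return bytes((hi << 4) | lo for hi, lo in zip(vals[0::2], vals[1::2]))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def effective_bits(stored_bits: float, unlock_bits: float) -> float:
    """Weakest link: a stored secret is no stronger than what unlocks the store."""
    return min(stored_bits, unlock_bits)


def new_passphrase(n_bytes: int = 16) -> str:
    """Draw n_bytes from the OS CSPRNG and return them as printable ASCII."""
    return encode_nibbles(secrets.token_bytes(n_bytes))


if __name__ == "__main__":
    phrase = new_passphrase(16)
    # 16 random bytes become 32 characters: twice as long, same 128 bits.
    print(phrase, len(phrase), entropy_bits(len(phrase), len(ALPHABET)))
    # Stored behind an 8-letter lowercase unlock passphrase (about 37.6 bits).
    print(effective_bits(128.0, entropy_bits(8, 26)))
```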