Private key storage hashed vs mac
kylebutt at gmail.com
Thu Feb 21 17:22:21 CET 2013
On Feb 21, 2013 2:22 AM, "Werner Koch" <wk at gnupg.org> wrote:
> On Thu, 21 Feb 2013 08:55, kylebutt at gmail.com said:
> > I'm curious about the private key storage. Currently the integrity of
> > the key is protected by a sha1 of the plaintext. Were there
> > discussions around using encrypt then authenticate with a mac?
> The reason this scheme is used is because it is identical to the modern
> OpenPGP way protecting keys.
Can you point me at the reference for this?
> We had this discussion a decade ago and it pops up on cryptography@ from
Can you point me at the archives for that discussion?
> time to time. However, if you want to evaluate this, please also
> consider that a (protected) private key is not intended to be send over
> any public channel  but merely acts as a fail stop mitigation in case
> an attacker got physical access to the machine. If it is possible for
> attacker to gain access to the protected key he should also be able to
> install malware to retrieve an unprotected copy of the key.
There are scenarios where an attacker can read or modify your keys without
being able to put malware on a machine.
I wanted to find the discussion, but nothing turned up on Google.
>  Modulo Robert's offer to run an NYT ad with his private key.
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-devel