Don't store your key on a flash drive! [was Re: GnuPG (GPG) Problem]

Robert J. Hansen rjh at
Sat Aug 19 21:37:28 CEST 2006

Jonathan Rockway wrote:
> I would recommend that you don't do that.  What if you lose the 
> drive? Then your private key is compromised.

Let's not use the word 'compromised'.  Let's call it 'loss of control'.

If I leave my wallet on my desktop for an hour while I go to a meeting,
are my credit cards compromised?  I think we'd agree that they're
probably not.  If I get mugged and my wallet stolen, are my credit cards
compromised?  I think we'd agree that they are.

Compromise usually means not only a failure of access controls, but a
strong likelihood of unauthorized persons exploiting the failure of
access controls.

Losing a dongle doesn't necessarily mean it's been compromised.  It
means you have a problem, yes, one that's in need of addressing, but it
doesn't necessarily call for a key revocation.

> Do you have a revocation certificate in a safe location?

Having a revocation certificate is totally unrelated to the issue of
whether one uses a USB dongle or a cryptographic card.

> The OpenPGP smartcard is a much safer option, since it will not give 
> up the private key (even if you have the password), and will lock 
> itself after 3 incorrect password attempts. (And after 3 incorrect
> Admin PIN attempts, it will destroy itself, which is pretty
> inconvenient for someone trying to steal your key.)  Compare this to
> a pen drive that will let anyone copy off the secret key and guess
> the passphrase on their friendly local supercomputer cluster.

The entire point of a passphrase on a key is so that even if the
attacker _does_ have a supercomputer cluster it will be of no use.  An
OpenPGP card may allow you to get away with a weaker passphrase, but
there's nothing inherently dumb about putting a private key on a USB
dongle as long as the passphrase is sufficiently strong.

Given the choice between trusting flash memory to wipe itself, and
trusting that strong cryptography is going to stand up to even dedicated
cryptologic attacks, I'll put my money on the latter any day of the week.

> The other advantage is that if your card gets stolen, you *know* that
> it's been stolen.

I have a two gig USB dongle on my (physical) keyring right next to my
car and office keys.  If that gets stolen, trust me: I'll know.  Whereas
if you were to go through my wallet and randomly pilfer one of my cards,
I might not know it for a while: while I use my ATM card almost daily, I
can't remember the last time I needed to pull out my amateur radio license.

What it boils down to is this: there are no silver bullets.  There is
more than one way to do it.  If the OpenPGP card works for you, then
great, go for it.  But if the OpenPGP card doesn't work for someone
else, then you're wasting their time by telling them "oh, don't do that,
use an OpenPGP card."

Speaking for myself, I have doubts about the long-term security of
RSA/1024.  I much prefer RSA/2048 instead.  Thus, the OpenPGP card fails
to meet my own security policy... whereas storing a copy of my private
key on my USB dongle, with a high-security passphrase, is a far better
solution than an OpenPGP card.

More information about the Gnupg-users mailing list