howto secure older keys after the recent attacks

David Shaw dshaw at jabberwocky.com
Fri Sep 11 04:35:31 CEST 2009 

On Sep 10, 2009, at 6:32 PM, Christoph Anton Mitterer wrote:

> Hi folks.
>
>
>
> On Thu, 2009-09-10 at 11:08 -0400, David Shaw wrote:
>> The real headache here is (as always) the practical - what to do with
>> existing keys and such.  I suspect that removing SHA1 would
>> effectively mean a new key type for OpenPGP (again, not a disaster -
>> we're on our 4th key type today).
> Wahhhh .... will loose all my signatures *G*
> Ok seriously: ...
>
>
> This is _really_ nice (especially as there are Debian packages for
> it :-D)
>> See also http://www.entropykey.co.uk/
> Anyway,.. I'm really not an randomness-expert so perhaps some  
> questions:
>
> 1) Is this already supported by gpg?

Yes.  It's not that gpg has a driver for it though.  The developers of  
the entropy key were clever and instead of making programs write new  
code to use the key, they made a program that reads the key and feeds  
the Linux entropy pool.  Thus, anything that uses /dev/random (like  
gpg) benefits without code changes.

> 2) If so,.. where would gpg use it? Only for symmetric keys? Or also  
> for
> asymmetric?

Both.

> 3) One problem with such devices is,.. that one can never know (well  
> at
> least normal folks like me) how good they actually are.
> If this company would be evil (subsidiary of NSA or so) they could  
> just
> sell bad devices that produce poor entropy thus rendering our  
> (symmetric
> and asymmetric) keys, signatures etc. "useless". Right?

Not completely useless given the Linux random design, but certainly an  
evil source of entropy would be a serious problem.  Do you have any  
reason to believe this device is evil?  There are many random number  
generators on the market.  Knowing which ones are evil would be handy ;)

> So my question is basically,..
> If gpg would use this,... does it only improve the already existing
> entropy and randomness of the kernel PRNG? I mean that gpg somehow
> "merges" the different sources?
> Or is it more or less a,.. either use the kernel PRNG or the hardware
> RNG.

The kernel merges several sources of entropy into the /dev/random  
pool.  The entropy key would just be another source (though a very  
prolific source) of entropy.

David

More information about the Gnupg-users mailing list