not recognizing my passphrase after moving from XP to Win7

Peter Lebbing peter at digitalbrains.com
Thu Jul 11 17:23:59 CEST 2013


On 11/07/13 16:23, Henry Hertz Hobbit wrote:
> I imagine it would if I used the keys on Windows
> for either signing or enciphering it may have created the random_seed
> file but since I don't use them that way but only for verifying
> detached signature files for whatever reason they never got created.

My best guess is that the random_seed is only created when GnuPG actually uses
random numbers. Verifying a signature doesn't need randomness, unless you're
using randomness to defeat side-channel attacks. I suppose this is not the case.

Once it needs randomness, it will very likely just create a fresh random_seed file.

> Whether you choose to believe my random changing of nibbles in the
> random_seed file (there is NO plan of what to change or even how
> many and some of them may even get the same nibble with the change)
> is up to you.

I absolutely believe your intention to randomly change things. I also strongly
suspect you are a human being, and I also believe humans are not very capable of
generating randomness. But I already said this, so I don't understand why you
think I doubt your intentions when I have explained my point earlier. Whether
you agree on the inability of humans to generate randomness (or recognise it,
for that matter) is another thing, in which I obviously leave you completely free.

> I am NOT telling this person to do the same thing.

It read as advice to me. You said:

> ... but I do modify the random_seed file with hexedit for
> each key-ring which some people object to.  From my point of
> view that is far better than just having each key-ring having
> the same random_seed file.

If I read someone say that what he does is, from his point of view, far better,
I'm inclined to think he implicitly advises me to do the same. I'm not even
going to start thinking about another implication that could, indeed, be made
from this statement, which is not to have the same random_seed file some other
way, like by deleting it.

> In this case, since he copied the entire key ring I would advise
> that he delete the random_seed file as a security measure.

I agree :).

By the way, the random_seed file is only part of the input to the randomisation.
I don't think you'll actually create an insecure system when you copy it
literally from another system, although I'm not sure what a capable attacker can
do. That said, it's easy enough to not copy it (or delete it after copying), and
it was never intended to be copied, so why not just do that. If you think of it.
Otherwise, don't fret, you're probably safe.

HTH,

Peter.

PS: Since there are 1200 nibbles in my random_seed file, I would indeed expect
that after at most 16 changes, you will start changing nibbles to a value you
already used. https://en.wikipedia.org/wiki/Pigeonhole_principle

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
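
An added example, not part of the original message and not GnuPG's own code: one way to check whether several key-ring directories carry byte-identical copies of `random_seed`, as happens after copying a whole key ring to another machine, and to delete those copies as the thread advises. The function names and the directory paths in the usage comment are assumptions for illustration.

```python
import hashlib
import os
import sys
from collections import defaultdict

SEED_NAME = "random_seed"  # file name as used in the thread


def seed_digest(homedir):
    """SHA-256 of homedir/random_seed, or None when the file is absent."""
    try:
        with open(os.path.join(homedir, SEED_NAME), "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None


def find_shared_seeds(homedirs):
    """Return groups (sorted lists) of directories with identical seed files."""
    groups = defaultdict(list)
    for homedir in homedirs:
        digest = seed_digest(homedir)
        if digest is not None:
            groups[digest].append(homedir)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def remove_shared_seeds(homedirs):
    """Delete every random_seed that has a byte-identical twin elsewhere.

    All copies in a group are removed, since nothing in the files says which
    was the original; the thread expects GnuPG to create a fresh file once it
    needs randomness again.
    """
    removed = []
    for group in find_shared_seeds(homedirs):
        for homedir in group:
            os.remove(os.path.join(homedir, SEED_NAME))
            removed.append(homedir)
    return removed


if __name__ == "__main__":
    # Usage (paths are hypothetical): python seedcheck.py ~/.gnupg /mnt/old/gnupg
    for group in find_shared_seeds(sys.argv[1:]):
        print("identical random_seed in:", ", ".join(group))
```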


