Primary and Signing Key on Different Smart Cards
Andrew Gallagher
andrewg at andrewg.com
Mon Nov 21 12:24:50 CET 2016
On 21/11/16 11:04, Peter Lebbing wrote:
>>> >> rather trust GnuPG's random number generator than the one on a cheap smartcard
>>> >> (or any smartcard for that matter). So I would recommend to not use the on-card
>>> >> key generation feature anyway.
>> >
>> > That's quite an interesting point that I have not thought about. Do
>> > you have any references to the papers that I can read on this subject?
> No, but I remember Werner Koch saying he'd rather not use the on-card
> RNG. I tried to find this, but the best I could find was his statement
> that you don't want regular DSA on smartcard[1]. As I understand it,
> that is because of the risk of a failing RNG.
Have a look at the graphs on page 7 of this PDF:
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_svenda.pdf
tl;dr: Some smart cards have *shockingly* poor RNG implementations.
A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161121/f9a52d39/attachment-0001.sig>
More information about the Gnupg-users
mailing list