Primary and Signing Key on Different Smart Cards

Andrew Gallagher andrewg at andrewg.com
Mon Nov 21 12:24:50 CET 2016


On 21/11/16 11:04, Peter Lebbing wrote:
>>> >> rather trust GnuPG's random number generator than the one on a cheap smartcard
>>> >> (or any smartcard for that matter). So I would recommend to not use the on-card
>>> >> key generation feature anyway.
>> > 
>> > That's quite an interesting point that I have not thought about. Do
>> > you have any references to the papers that I can read on this subject?
> No, but I remember Werner Koch saying he'd rather not use the on-card
> RNG. I tried to find this, but the best I could find was his statement
> that you don't want regular DSA on smartcard[1]. As I understand it,
> that is because of the risk of a failing RNG.

Have a look at the graphs on page 7 of this PDF:

https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_svenda.pdf

tl;dr: Some smart cards have *shockingly* poor RNG implementations.

A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161121/f9a52d39/attachment-0001.sig>


More information about the Gnupg-users mailing list