Announced chat control by the EU

Jacob Bachmeyer jcb62281 at gmail.com
Thu Oct 9 06:29:40 CEST 2025


On 10/8/25 06:47, Rat Bag via Gnupg-users wrote:
> On 10/8/25 05:27, Jacob Bachmeyer via Gnupg-users
> 'gnupg-users at gnupg.org' wrote:
>
> [...]
>
>> ...offline, air-gapped box....
>
> Even at the moment, this is the prudent MO for those that
> must assume that their communication device (mobile or
> laptop/desktop) operating system provider is cooperating
> with their adversary.

This is why you should be using Free software.  Do not store critical 
secrets on Windows if you want them to stay secret!  (or Apple, or any 
other nonfree system, for that matter)

> It may well be that it is only practical to use 1.4x on an
> air-gapped device. If 4096bit RSA is considered sufficiently
> resistant to cryptanalysis (i.e., ignoring signing!), can
> such keys generated by 1.4x be considered just as secure as
> are the equivalent keys generated by 2.xx?

I have not checked (hint!) the source code (hint!) specifically, but I 
have a vague recollection that 1.4 depended heavily or completely on 
/dev/random.  If the system RNG is secure, so are the keys generated by 
GPG 1.4.  It might be advisable to have the box running for some time (a 
day or more if possible) to ensure that sufficient entropy has been 
gathered before generating keys.

On a box using the Linux kernel, some of the values under 
/proc/sys/kernel/random might be useful to monitor.  (but not 
"uuid"---/proc/sys/kernel/random/uuid consumes some entropy to generate 
a random UUID every time you read it)

Also consider your hardware and its entropy sources.  For example, one 
of the inputs to the Linux kernel RNG is the precise timing of disk 
accesses, on the hypothesis that chaotic airflow inside a HDD will 
affect the head positioning and therefore the observed seek time.  This 
entropy source is, of course, useless if you are using an SSD.

The lack of entropy leading to weak keys is *not* theoretical, as I 
understand that some embedded devices can generate predictable SSH host 
keys due to a lack of entropy at first boot.  I have a practice of 
rotating SSH host keys after the first few hours-to-days of uptime when 
standing up a new personal server for this reason, although I am 
probably just practicing paranoia on that point.

This point about adequate entropy also applies to current GnuPG 
releases, since entropy shortage is a system issue.  This is very 
important if you generate keys on a RasPI or similar device.

All that said, I would be *very* surprised if there would be any 
difficulty running current GnuPG on an air-gapped box.  This is the 
classic maximum-security PGP usage model and I would expect GnuPG to 
maintain full support for it.


-- Jacob
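
The checks suggested in the message above, as an added example that is not part of the original post and is not GnuPG code: a POSIX shell script that reads the counters under /proc/sys/kernel/random without touching uuid, counts rotational disks, and compares entropy_avail to a threshold before key generation. The function names, the RANDOM_DIR and SYS_BLOCK overrides, and the 256-bit default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: entropy readiness check before generating keys on Linux.
# RANDOM_DIR and SYS_BLOCK can be overridden (assumption of this example)
# so the functions can be run against constructed directories.
RANDOM_DIR="${RANDOM_DIR:-/proc/sys/kernel/random}"
SYS_BLOCK="${SYS_BLOCK:-/sys/block}"

# Kernel entropy estimate in bits; non-zero exit status if unreadable.
entropy_avail() {
    cat "$RANDOM_DIR/entropy_avail" 2>/dev/null
}

# Print name=value for each readable file, never touching "uuid".
read_counters() {
    for f in "$RANDOM_DIR"/*; do
        name=${f##*/}
        [ "$name" != "uuid" ] || continue
        [ -r "$f" ] || continue
        printf '%s=%s\n' "$name" "$(cat "$f")"
    done
}

# Count block devices the kernel marks as rotational (spinning disks).
rotational_disks() {
    n=0
    for q in "$SYS_BLOCK"/*/queue/rotational; do
        [ -r "$q" ] || continue
        if [ "$(cat "$q")" = "1" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Succeed only when the estimate has reached the threshold (default 256).
ready_for_keygen() {
    min=${1:-256}
    bits=$(entropy_avail) || return 2
    [ -n "$bits" ] || return 2
    [ "$bits" -ge "$min" ]
}

# Full report: counters, rotational disk count, then a status line.
entropy_report() {
    read_counters
    echo "rotational_disks=$(rotational_disks)"
    if ready_for_keygen "${1:-256}"; then echo "status=ok"; else echo "status=wait"; fi
}

entropy_report
```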




