On 3 Jan 2014 20:42, "coderman" <coder...@gmail.com> wrote:
>
> use case is long term (decade+) identity rather than privacy or
> session authorization.
>
> eternity key signs working keys tuned for speed with limited secret
> life span (month+). working keys are used for secret exchange and any
> other temporal purpose.
>
> you may use any algorithms desired; what do you pick?
>
>
> Curve3617+NTRU eternity key
> Curve25519 working keys
> ChaCha20+Poly1305-AES for sym./mac
> ?
>
>
> this assumes key agility by signing working keys with all eternity
> keys, and promoting un-broken suites to working suites as needed. you
> cannot retro-actively add new suites to eternity keys; these must be
> selected and generated extremely conservatively.
>
> other questions:
> - would you include another public key crypto system with the above?
> (if so, why?)
> - does GGH signature scheme avoid patent mine fields? (like NTRU patents)
> - is it true that NSA does not use any public key scheme, nor AES, for
> long term secrets?
> - are you relieved NSA has only a modest effort aimed at keeping an
> eye on quantum cryptanalysis efforts in academia and other nations?
>
>
> best regards

First of all I'd have a lifetime masterkey intended to never be touched (meant for permanent secure storage) at the top, that signs the long-term subkey. That means that if your long-term key (which you very likely WILL access a few dozen to hundred times at least) is compromised, you can replace it.

My process would be to generate a lifetime masterkey + long-term subkey + "working key", where each long-term key signs new working keys (and revokes them) as well as new long-term keys, and where the masterkey can revoke and replace all other keys.

Note that NTRU now has a pledge that it is free for all open source software (it's even officially on github with that license). They have a long list of approved licenses where usage is all free.

- Sent from my phone
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
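
Added example, not part of the original message: a Go sketch of the key hierarchy described in the reply, narrowed to one case, the masterkey revoking a compromised long-term key and certifying its replacement. Ed25519 stands in for the algorithms named in the thread; the Cert type, the role labels and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a parent's signature over role||child key; Role "revoked" is a revocation.
type Cert struct {
	Role string
	Key  ed25519.PublicKey
	Sig  []byte
}

func issue(parent ed25519.PrivateKey, role string, child ed25519.PublicKey) Cert {
	return Cert{role, child, ed25519.Sign(parent, append([]byte(role), child...))}
}
func (c Cert) signedBy(parent ed25519.PublicKey) bool {
	return ed25519.Verify(parent, append([]byte(c.Role), c.Key...), c.Sig)
}

// VerifyChain checks master -> long-term -> working and master-signed revocations.
func VerifyChain(master ed25519.PublicKey, lt, wk Cert, revs []Cert) error {
	if lt.Role != "long-term" || !lt.signedBy(master) {
		return fmt.Errorf("long-term key not signed by master")
	}
	for _, r := range revs { // only revocations signed by the master count
		if r.Role == "revoked" && r.Key.Equal(lt.Key) && r.signedBy(master) {
			return fmt.Errorf("long-term key revoked by master")
		}
	}
	if wk.Role != "working" || !wk.signedBy(lt.Key) {
		return fmt.Errorf("working key not signed by long-term key")
	}
	return nil
}

// scenario (constructed keys): long-term key A leaks; master revokes A, certifies B.
func scenario() (oldKey, newKey error) {
	mPub, mPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	aPub, aPriv, _ := ed25519.GenerateKey(nil)
	bPub, bPriv, _ := ed25519.GenerateKey(nil)
	wPub, _, _ := ed25519.GenerateKey(nil)
	revs := []Cert{issue(mPriv, "revoked", aPub)}
	oldKey = VerifyChain(mPub, issue(mPriv, "long-term", aPub), issue(aPriv, "working", wPub), revs)
	newKey = VerifyChain(mPub, issue(mPriv, "long-term", bPub), issue(bPriv, "working", wPub), revs)
	return
}
func main() { fmt.Println(scenario()) }
```

A verifier that pins only the master public key rejects everything signed under the revoked long-term key, including working keys an attacker issues with it after the leak, while the replacement chain verifies without the master key having been used for anything other than the revocation and the new certification.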