Re: Length for AES256 symmetric encryption passphrase?
How long a passphrase is recommended for generating a 32 byte (AES) key? Depends on how you generate it and how much entropy you want. For my high-security passphrases I grab 16 bytes (128 bits) from /dev/urandom and base64-encode it. Works great for me and provides an excellent security margin. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Length for AES256 symmetric encryption passphrase?
This a rather naive question, but I haven't found and answer to it. When doing symmetric encryption with AES256, is there any reason to have a passphrase that exceeds 32 characters (since that's the length of the AES key)? Yes. English has about 1.5 bits of entropy per symbol. A 32-character passphrase could thus be any of about a trillion different things. That's a 1 followed by 12 zeroes. A 256-bit keyspace is so huge English can't describe it. It's a 1 followed by 77 zeroes. The difference between the two is sort of like comparing a lit match to Supernova 1987A. The difference is on that level of mind-boggling vastness. Using plain English for the passphrase, a 170-character passphrase is necessary to provide a full 256 bits of entropy. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Length for AES256 symmetric encryption passphrase?
On Fri, Apr 4, 2014 at 10:46 AM, Sam Gleske sam.mxra...@gmail.com wrote: On Fri, Apr 4, 2014 at 2:04 AM, Robert J. Hansen r...@sixdemonbag.orgwrote: Using plain English for the passphrase, a 170-character passphrase is necessary to provide a full 256 bits of entropy. Interesting math. However, I believe the OP mentioned they're generating the password and storing so human readable, i.e. English, isn't an issue. What would be the recommended length for completely random characters generated, for example, by a password manager such as keepassx? To clarify and be more specific... if one were using the password as the symmetric key in the GPG software (libcrypt)? Or perhaps even just using openssl tools? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Length for AES256 symmetric encryption passphrase?
On Fri, Apr 4, 2014 at 2:04 AM, Robert J. Hansen r...@sixdemonbag.orgwrote: Using plain English for the passphrase, a 170-character passphrase is necessary to provide a full 256 bits of entropy. Interesting math. However, I believe the OP mentioned they're generating the password and storing so human readable, i.e. English, isn't an issue. What would be the recommended length for completely random characters generated, for example, by a password manager such as keepassx? SAM ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using an RSA GnuPG key for RSA ?
On Thu, Apr 03, 2014 at 09:56:18AM -0400, ved...@nym.hush.com wrote: On Wednesday, April 02, 2014 at 5:41 PM, Leo Gaspard ekl...@gmail.com wrote: If you are not to use the key in gnupg, why make gnupg generate it in the first place? Why not use the program with which you'll use the key to generate it? = Where in the post did you get the idea that I would not? I trust GnuPG's generation of keys, but prefer not to trust closed source programs generating RSA keys. I would like to use my GnuPG RSA key, easily available on keyservers, for other RSA functions. vedaal (As you didn't answer to list, I'm not cutting. Hope you didn't mean it to be a private message, but it clearly didn't seem like one.) Well... I inferred it from use it (not in GnuPG, but in other systems using RSA keys), from your first message. Anyway, as Sam puts it, you'd be better not putting your RSA key everywhere. And... You say you do not trust closed source programs for key generation, but does that mean you trust them for key usage? Otherwise, you could just as well throw your key to the dustbin. What I could propose would be to : * Make a gpg key, master key, airgapped, etc. * On each system on which you mean to use cryptography, generate a keypair using the program with which you are going to use it (or possible openssl, if the program does not generate keys). * Sign the public key of each keypair with your gpg key. As it is not a stricto sensu pgp key, sign the armored key as a plaintext message, if possible with a preceding comment explaining what it is to be used for. * Publish these signatures somewhere easily found. * If you want so, encrypt the private key with your mainkey and store it somewhere safe enough (it's encrypted, after all). This way, each keypair gets the maximum security it can have : the security of the application using the private keypart. (Actually, if you choose to keep an encrypted backup, you also need to keep the mainkey safe, but that's supposed as being the most protected part of the whole setup, so...) What do you think about it? Leo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Length for AES256 symmetric encryption passphrase?
Interesting math. However, I believe the OP mentioned they're generating the password and storing so human readable, i.e. English, isn't an issue. What would be the recommended length for completely random characters generated, for example, by a password manager such as keepassx? Your questions are not clear enough to be answered. What would the recommended length for completely random characters generated, for example, by a password manager such as keepassx? If one were using the password as the symmetric key in libgcrypt? Or perhaps even just using openssl tools? 1. Well, which password managers? Just because a character is completely random tells me nothing about how much entropy is contained in each symbol. TTHTHHTTH is a completely random sequence (generated it just now by flipping a fair coin), but it only has one bit of entropy per symbol. fBTvC is a completely non-random sequence, but it has a lot more entropy per symbol. Without knowing how a random password is generated I can't answer this. 2. Recommended for what purpose? 256 bits of entropy is wild overkill for almost all purposes. 128 bits of entropy is generally speaking plenty. 3. Which toolkit? libgcrypt and openssl are two completely different toolkits that work in completely different ways, and an answer appropriate for one might not be appropriate for the other. 4. What is it you really want to know? You already know: AES depends on having a 32-bit key which can support up to 256 bits of entropy. You've been told two good metrics for estimating entropy in a passphrase: 1.5 bits per glyph of English text, 5 bits per glyph of base-64ed random data. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using an RSA GnuPG key for RSA ?
On Friday, April 04, 2014 at 12:49 PM, Leo Gaspard wrote:On Thu, Apr 03, 2014 at 09:56:18AM -0400, ved...@nym.hush.com wrote: On Wednesday, April 02, 2014 at 5:41 PM, Leo Gaspard wrote: If you are not to use the key in gnupg, why make gnupg generate it in the first place? Why not use the program with which you'll use the key to generate it? = Where in the post did you get the idea that I would not? I trust GnuPG's generation of keys, but prefer not to trust closed source programs generating RSA keys. I would like to use my GnuPG RSA key, easily available on keyservers, for other RSA functions. vedaal And... You say you do not trust closed source programs for key generation, but does that mean you trust them for key usage? = I trust them to encrypt to my public key, and was planning to work out a system where I could decrypt on my own without it going through them. (they could have my public key, and verify my RSA signature). [All this is in the theoretical planning stage ;-) first I would need to be able to isolate my RSA part of my GnuPG key and see if it can be used with an open source simple RSA program offline. That was my original question.] vedaal ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Length for AES256 symmetric encryption passphrase?
To be clear, I want to use gnupgp to do symmetric encryption using AES256. As I understand it, the 'gpg -symmetric ...' command converts a pass phrase into a key, a 32 byte key in the case of AES256. I /assume/ that this conversion is 'deterministic' since as far as I can tell, the 'gpg -symmetric ...' does not store the key it generates. Correct me if I'm wrong. I am trying to decide how long a pass phrase to use. I have not decided how to generate the pass phrase. Assume that it is pseudo-randomly chosen from the an english language character set. On 4/4/14, 10:10 AM, Robert J. Hansen wrote: Interesting math. However, I believe the OP mentioned they're generating the password and storing so human readable, i.e. English, isn't an issue. What would be the recommended length for completely random characters generated, for example, by a password manager such as keepassx? Your questions are not clear enough to be answered. What would the recommended length for completely random characters generated, for example, by a password manager such as keepassx? If one were using the password as the symmetric key in libgcrypt? Or perhaps even just using openssl tools? 1. Well, which password managers? Just because a character is completely random tells me nothing about how much entropy is contained in each symbol. TTHTHHTTH is a completely random sequence (generated it just now by flipping a fair coin), but it only has one bit of entropy per symbol. fBTvC is a completely non-random sequence, but it has a lot more entropy per symbol. Without knowing how a random password is generated I can't answer this. 2. Recommended for what purpose? 256 bits of entropy is wild overkill for almost all purposes. 128 bits of entropy is generally speaking plenty. 3. Which toolkit? libgcrypt and openssl are two completely different toolkits that work in completely different ways, and an answer appropriate for one might not be appropriate for the other. 4. What is it you really want to know? You already know: AES depends on having a 32-bit key which can support up to 256 bits of entropy. You've been told two good metrics for estimating entropy in a passphrase: 1.5 bits per glyph of English text, 5 bits per glyph of base-64ed random data. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using an RSA GnuPG key for RSA ?
On Fri, Apr 04, 2014 at 01:32:47PM -0400, ved...@nym.hush.com wrote: I trust them to encrypt to my public key, and was planning to work out a system where I could decrypt on my own without it going through them. (they could have my public key, and verify my RSA signature). [All this is in the theoretical planning stage ;-) first I would need to be able to isolate my RSA part of my GnuPG key and see if it can be used with an open source simple RSA program offline. That was my original question.] vedaal Well... As this seems not documented (otherwise I guess someone else would have answered you), I'm going to assume there is no such function available in gnupg. So, this (and the reasons explained by Sam) explains the reason why I'm trying to figure out what you actually want to do, in order to perhaps propose you another solution, instead of merely answering you to write your own extractor. So, if you forgive my bluntness... With what closed program are you trying to interface? Why would you want to use your pgp keypair for this program, and not a key generated for this use? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Length for AES256 symmetric encryption passphrase?
René (not a mathematician or cryptographer) Looks good to me. My only correction is a notational one. Keyspaces are normally expressed in bits of entropy, not in 2^N bits of entropy. I'd suggest: L = (3N) / (10 * log S) ... where 'L' is the length of the string in terms of its base component, N is the desired entropy in bits, and S is the keyspace of the string's base component. This avoids having to compute logarithms base-2, since 3/10 is an astonishingly good approximation of two in log-10. Plugging in the numbers for Diceware and a 256-bit key: L = (3 * 256) / (10 * log 7776) L = 768 / (10 * 3.89) L = 768 / 38.9 L = 19.74 Round it up to 20 words and call it done. This is simple enough that you can turn it into a snippet of Javascript, a Python applet, or anything. It's not much work at all. If anyone wants, I'd be happy to put up a passphrase length calculator. And let me repeat, René, you got the math absolutely right. All I did was clean it up a little bit to remove an obnoxious 2^godawful calculation. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Length for AES256 symmetric encryption passphrase?
To be clear, I want to use gnupgp to do symmetric encryption using AES256. As I understand it, the 'gpg -symmetric ...' command converts a pass phrase into a key, a 32 byte key in the case of AES256. Correct! I /assume/ that this conversion is 'deterministic' since as far as I can tell, the 'gpg -symmetric ...' does not store the key it generates. Correct me if I'm wrong. Again, correct! I am trying to decide how long a pass phrase to use. I have not decided how to generate the pass phrase. Assume that it is pseudo-randomly chosen from the an english language character set. Then this becomes pretty straightforward. :) Let's say you use the upper- and lower-case letters, the digits 0 through 9, as well as the '+' and '/' marks. This character set is commonly called 'base64', since there are 64 symbols in the set. Using the equation René provided and I polished a bit, you have: 3 * 256-- 256: size of the key in bits L = --- 10 * log 64 -- 64: how many letters are in your set ... 43 characters. A quick back-of-the-envelope calculation confirms this to be the case. base64 is known to have six bits of entropy per character. 6 * 43 = 258 bits. At 43 characters you're providing GnuPG with 258 bits of entropy to use in creating a 256-bit symmetric key. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: checking signature of pgp mime
On Thursday 03 April 2014 15:06:57 Tim Prepscius wrote: Greetings, So as I said before, I'm working on a pgp base web mail app: https://github.com/timprepscius/mv I am having problems validating the signature of a small percentage of test cases. However GPG with apple-mail says the signatures checkout, soo... I'm obviously doing something incorrectly. KMail also says that the signature matches. Does KMail (or any other mail application) allow the user to get a dump of the signed portion of the message? (apple mail doesn't and the gpg debugging doesn't include it). I need to get a hex dump of what was successfully verified. I've spent many an hour now removing a little white space here, a little white space there with no verified signature. (using a signature block in a detached file) -tim ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users