Re: Signing keys on a low-entropy system

2013-11-12 Thread Johannes Zarl
Thank you both for your detailed answers - they were really helpful for me!

  Johannes

On Friday 08 November 2013 19:01:34 Peter Lebbing wrote:
 On 08/11/13 18:07, Tapio Sokura wrote:
 Nope, OpenPGP uses EMSA-PKCS1-v1_5, which is completely deterministic.
 
 I /think/ GnuPG doesn't need any randomness for RSA signatures.
 Obviously, this is all conjecture.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Signing keys on a low-entropy system

2013-11-08 Thread René Puls
Hi,

On Fri, 08 Nov 2013 00:11:38 +0100 Johannes Zarl johan...@zarl.at
wrote:
 I'm currently thinking about using a raspberry pi as a non-networked
 stand-alone system for signing keys. Since I haven't heard anything
 to the contrary, I'm pretty sure that entropy is relatively scarce on
 the pi.

The Raspberry Pi has a hardware RNG that is supported by rng-tools,
which is more than most desktop PCs have:

http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/

Not sure about its quality though...

René

-- 
https://home.kianga.eu/

PGP key fingerprints:
4096R/0x5FC59EAE = 1FF3 00CE C1A7 68A9 594A  5F1F B45B 1439 5FC5 9EAE
2048R/0x8B64D678 = 28F9 48E9 8B59 F97F 6AFB  E0B4 D8C3 477F 8B64 D678



Re: Signing keys on a low-entropy system

2013-11-08 Thread Johannes Zarl
The hardware-RNG somehow slipped under my radar. Thanks for pointing that out.

Out of curiosity: how does GnuPG deal with a system where entropy is scarce 
(or worse yet, where the RNG is partly predictable)?

Cheers,
  Johannes


On Friday 08 November 2013 08:31:09 René Puls wrote:
 Hi,
 
 On Fri, 08 Nov 2013 00:11:38 +0100 Johannes Zarl johan...@zarl.at
 
 wrote:
  I'm currently thinking about using a raspberry pi as a non-networked
  stand-alone system for signing keys. Since I haven't heard anything
  to the contrary, I'm pretty sure that entropy is relatively scarce on
  the pi.
 
 The Raspberry Pi has a hardware RNG that is supported by rng-tools,
 which is more than most desktop PCs have:
 
 http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberry-pis-hardware-random-number-generator/
 
 Not sure about its quality though...
 
 René



Re: Signing keys on a low-entropy system

2013-11-08 Thread Tapio Sokura
On 8.11.2013 1:11, Johannes Zarl wrote:
 How is GnuPG affected by such a low-entropy system? Will operations just take 
 a bit longer, or can this affect the quality/security of generated keys or 
 signatures?

Key generation definitely needs good random data. But generating an RSA
signature is completely deterministic; the RSA operations themselves do
not use or need random data.

Another thing is that some signature schemes that use RSA also add
random padding data into the data that is being signed, but I don't
think signatures in PGP do that. I may be wrong though, haven't combed
through the PGP specs thoroughly.

  Tapio
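
Added example (not part of the original thread, and not GnuPG code): the EMSA-PKCS1-v1_5 encoding named elsewhere in this thread, next to EMSA-PSS as one instance of a scheme with random padding. SHA-256, the toy key built from two publicly known Mersenne primes, and all function names are assumptions made for the illustration; the message is signed raw, not as an OpenPGP signature packet.

```python
import hashlib, os

# Constructed toy key from two known Mersenne primes: public knowledge, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg: bytes) -> bytes:
    """EM = 00 01 FF..FF 00 DigestInfo: every byte is a function of msg."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def mgf1(seed: bytes, length: int) -> bytes:
    """Mask generation function MGF1 with SHA-256."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def emsa_pss(msg: bytes, salt: bytes) -> bytes:
    """EMSA-PSS encoding: the salt is the only random input."""
    em_bits = N.bit_length() - 1
    em_len = (em_bits + 7) // 8
    h = hashlib.sha256(b"\x00" * 8 + hashlib.sha256(msg).digest() + salt).digest()
    db = b"\x00" * (em_len - len(salt) - 32 - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the top bit(s)
    return bytes(masked) + h + b"\xbc"

def rsa_sign(em: bytes) -> bytes:
    """Raw RSA private-key operation: modular exponentiation, no RNG."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def verify_v15(msg: bytes, sig: bytes) -> bool:
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return em == emsa_pkcs1_v15(msg)

def sign_v15(msg: bytes) -> bytes:
    return rsa_sign(emsa_pkcs1_v15(msg))

def sign_pss(msg: bytes) -> bytes:
    return rsa_sign(emsa_pss(msg, os.urandom(32)))   # fresh salt per signature
```

Signing the same message twice with sign_v15 gives byte-identical signatures, while sign_pss differs on every call because of the salt; only the latter consumes entropy at signing time.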



Signing keys on a low-entropy system

2013-11-07 Thread Johannes Zarl
Hi,

I'm currently thinking about using a raspberry pi as a non-networked
stand-alone system for signing keys. Since I haven't heard anything to the contrary, 
I'm pretty sure that entropy is relatively scarce on the pi.

How is GnuPG affected by such a low-entropy system? Will operations just take 
a bit longer, or can this affect the quality/security of generated keys or 
signatures?

I heard that low entropy or a bad entropy source is generally less of a problem 
for RSA. Is this true? Does this affect me in practice?

Cheers,
  Johannes



Re: Signing keys on a low-entropy system

2013-11-07 Thread Leo Gaspard
(Failed again to answer to list. I really ought to replace this shortcut...)

On Fri, Nov 08, 2013 at 12:11:38AM +0100, Johannes Zarl wrote:
 Hi,

 I'm currently thinking about using a raspberry pi as a non-networked
 stand-alone system for signing keys. Since I haven't heard anything to the contrary,
 I'm pretty sure that entropy is relatively scarce on the pi.

I heard haveged is quite good at gathering entropy from anywhere it can
(processor cycles, etc.)

 How is GnuPG affected by such a low-entropy system? Will operations just take
 a bit longer, or can this affect the quality/security of generated keys or
 signatures?

 I heard that low entropy or a bad entropy source is generally less of a problem
 for RSA. Is this true? Does this affect me in practice?

In theory, if /dev/random is configured to allow only random enough data to
pass, it should just mean operations would just take longer. However, I am not
absolutely sure of this -- but I know in theory /dev/random ensures some minimum
entropy, thus sometimes blocking reads.

Cheers & HTH,

Leo
