What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Christoph Groth
Hello, Through an article [1] in LWN, I stumbled across a thread [2] on this list that dealt with the usefulness of smartcards for storing OpenPGP keys. I understand that OpenPGP smartcards do not protect from a compromise of the computer system that they are used with. As Peter Lebbing puts it

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi Christoph, There is one feature of smartcards that's hard to reproduce otherwise: once you pull the smartcard out of the port the attacker can't use it. If they steal your private keys they can do as they please with it (until you revoke keys and users refresh your key... that can take some

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Andrew Gallagher
On 07/01/2020 13:09, Wiktor Kwapisiewicz via Gnupg-users wrote: > These two things are really useful when using the same token on multiple > devices (e.g. I use the same card on my laptop and phone). This is also a very good argument for smartcards - transferring a private key between devices is e

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Robert J. Hansen
On 2020-01-06 18:26, Christoph Groth wrote: Robert J. Hansen justifies [4] his use of a smartcard as follows: Why don't I want to store the private key on multiple computers? Because a good rule of thumb in a forensics lab is "store the minimum personal data possible on your systems". But the

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Robert J. Hansen
Few of them will have a 128-bit secure passphrase like RJH. :-) Dude, the lab I worked in *required* me to use 128-bit secure passphrases. It was *awful*. And a 180-day change policy. But the good news is that once you prove to yourself you can do that, the idea of keeping a 128-bit passph

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Mike Gerwitz
On Tue, Jan 07, 2020 at 00:26:14 +0100, Christoph Groth wrote: > Through an article [1] in LWN, I stumbled across a thread [2] on this > list that dealt with the usefulness of smartcards for storing > OpenPGP keys. I don't have time to read what I already wrote in that thread, so I'm sorry if I re

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-07 Thread Mike Gerwitz
On Tue, Jan 07, 2020 at 14:09:50 +0100, Wiktor Kwapisiewicz via Gnupg-users wrote: > Additionally smartcards require PINs and lock the card after several > tries. This is not possible with keys on USB drives. PINs can also be changed confidently. The passphrase of the _copy_ of a key on disk can

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Christoph Groth
Robert J. Hansen wrote: > On 2020-01-06 18:26, Christoph Groth wrote: > > > > But then he also mentions his 128-bit passphrase and that he would > > be OK to publish his (passphrase-protected) private key in > > a newspaper. Why then not store it on the disks of multiple > > computers? > > Hint:

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Christoph Groth
Wiktor Kwapisiewicz wrote: > There is one feature of smartcards that's hard to reproduce otherwise: > once you pull the smartcard out of the port the attacker can't use it. > > (...) Thanks, that’s a good point! So if one’s concern is signing or authentication, this is indeed useful. However,

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Andrew Gallagher
On 07/01/2020 22:58, Christoph Groth wrote: > How about the alternative of keeping small USB keycards (like a Yubikey > nano) permanently plugged into the machines that you are using? > Assuming that you trust the keycards to keep their secrets, wouldn’t > that provide at least the advantage of a m

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Andrew Gallagher
On 2020/01/08 17:29, Franck Routier (perso) wrote: > Notice that some features, like the metal contact toggle on some yubikey > can mitigate the problem of having an attacker with full local access. > You then have to touch the key each time you want to use it, so > illegitimate access would be not

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Franck Routier (perso)
Notice that some features, like the metal contact toggle on some yubikey can mitigate the problem of having an attacker with full local access. You then have to touch the key each time you want to use it, so illegitimate access would be noticed. On 8 January 2020 13:51:58 GMT+01:00, Andrew Gall

Re: What are some threats against which OpenPGP smartcards are useful?

2020-01-08 Thread Franck Routier (perso)
I think this can be configured:
ykman openpgp touch enc on
ykman openpgp touch sig on
Franck
On 8 January 2020 18:35:20 GMT+01:00, Andrew Gallagher wrote:
> On 2020/01/08 17:29, Franck Routier (perso) wrote:
>> Notice that some features, like the metal contact toggle on some yubikey
>> can

Fwd: Re: What are some threats against which OpenPGP smartcards are useful? [ ref:_00D58dJQM._5004Iy476n:ref ]

2020-01-07 Thread Andrew Gallagher
Could one of the admins please twit this subscriber? Their autoreply has been firing since November. A --- Begin Message --- Dear Sirs, We have received the information that you were kind enough to send us today, for which we are very grateful. We will analyse the case immediately and will respond with