"I must, sadly, withdraw my endorsement of yubikey 4 devices (and perhaps all newer yubikeys), as apparently Yubico has replaced all open-source components that made yubikey NEOs so awesome with proprietary closed-source code in Yubikey 4s […]"
https://plus.google.com/+KonstantinRyabitsev/posts/4a7RNxtt7vy
Although I don't use the Yubikey myself, it is makes me quite sad that the developers decided to make one of their products non-free.
Maybe we can convince them to readjust their decision.
Regards
-- egnun
Hi,
I read this over the weekend as well, but as I found out through a colleague, this is only about the OpenPGP part. That doesn't make it much better, but most of the Yubikey firmware has been non-free all along. That is something that did not get mentioned in some of the debates.
Happy hacking! Florian
Ya, all Qt desktop apps seem to remain opensource.
A ter, 17/05/2016, 18:00, Florian Snow floriansnow@fsfe.org escreveu:
Hi,
I read this over the weekend as well, but as I found out through a colleague, this is only about the OpenPGP part. That doesn't make it much better, but most of the Yubikey firmware has been non-free all along. That is something that did not get mentioned in some of the debates.
Happy hacking! Florian _______________________________________________ Discussion mailing list Discussion@fsfeurope.org https://mail.fsfeurope.org/mailman/listinfo/discussion
On 17/05/16 18:57, Florian Snow wrote:
Hi,
I read this over the weekend as well, but as I found out through a colleague, this is only about the OpenPGP part. That doesn't make it much better, but most of the Yubikey firmware has been non-free all along. That is something that did not get mentioned in some of the debates.
OpenPGP card has much the same problem,
https://lists.gnupg.org/pipermail/gnupg-users/2014-December/051813.html
Hi,
Daniel Pocock daniel@pocock.pro writes:
OpenPGP card has much the same problem,
That is something I have been thinking about for a while. I was very surprised to receive one from the FSFE. That may not be such a great idea.
Happy hacking! Florian
On Wed, 18 May 2016 07:47, floriansnow@fsfe.org said:
That is something I have been thinking about for a while. I was very surprised to receive one from the FSFE. That may not be such a great
Actually RMS uses such a card himself. He told me a few years ago that it does not matter because it is technically not possible to change the software running on the card.
FWIW, Achim, the author of the specs and the OpenPGP application of the card, has published a basic implementation of the software w/o the parts falling under the NDA with the chip and OS vendors.
If you want a free implementation of an OpenPGP compliant token, you should look at gnuk http://www.fsij.org/category/gnuk.html. The hard- and software has been designed and implemented by my co-hacker gniibe. It is more expensive due to the small-scale production and it does not have any physical protection of the chip. The advantage is that is is fully free software and that it runs a standard micro-controller, which is small enough to allow the detection of malicious hardware modifications.
Shalom-Salam,
Werner
Hi Werner,
Werner Koch wk@gnupg.org writes:
Actually RMS uses such a card himself. He told me a few years ago that it does not matter because it is technically not possible to change the software running on the card.
I know he makes that distinction and I agree with him that it doesn't matter in practial terms, but I would say that it still matters in principle. It should be free, even if I cannot change it personally. He may or may not disagree with that stance, but I don't know that.
If you want a free implementation of an OpenPGP compliant token, you should look at gnuk http://www.fsij.org/category/gnuk.html.
Thank you for telling me about that. I will have a look. To be fair, I don't really need a smartcard right now anyway. I am happy having my GnuPG keys on an encrypted hard drive. That does not protect against every kind of attack, but it is good enough at the moment (and I get to use larger keys).
Happy hacking! Florian
On 05/18/2016 06:16 PM, Florian Snow wrote:
To be fair, I don't really need a smartcard right now anyway. I am happy having my GnuPG keys on an encrypted hard drive.
Besides GnuPG, you can also use it for SSH logins.
That does not protect against every kind of attack, but it is good enough at the moment (and I get to use larger keys).
Both the Yubikey4/Neo (Javacard applets) and the OpenPGP Smartcard by Zeitcontrol support up to 4096bit RSA keys. Which is already a quite ridiculous size. More important is to rotate (sub)keys regularly, so you don't rely on a single key for a long period. The primary (master) key can still be larger, and does not have to be stored on a smartcard anyway.
Unfortunately, it is very hard to manage rotating subkeys with smartcards, and I have yet to see a tutorial that touches on that aspect. Makes me wonder if anyone really uses it properly.
Where do you keep your subkeys if you rotate, say, every 6 months? I really don't want to carry around 10 smartcards to be able to access a 5 year old email. But, yes, that's more of a "mail-in-storage" problem than a GnuPG problem. Mailvelope shows how one should do it: Symmetric encryption at rest, and GnuPG only for transport.
On Fri, 20 May 2016 05:23, moritz@headstrong.de said:
than a GnuPG problem. Mailvelope shows how one should do it: Symmetric encryption at rest, and GnuPG only for transport.
That does not help. You need to store the symmetric key (becuase you won't be able to remember it) also. For very similar reasons as with public keys, symmetric keys need to be rotated also - no gain.
Modern private keys have a length of 32 bytes - that can be easily printed and entered if need arises.
Shalom-Salam,
Werner
Hi Werner,
Werner Koch wk@gnupg.org writes:
Modern private keys have a length of 32 bytes - that can be easily printed and entered if need arises.
Perhaps this is a joke, but I am confused by that statement. Which jeys are 32 Bytes long?
Happy hacking! Florian
On Tue, 24 May 2016 19:09, floriansnow@fsfe.org said:
Perhaps this is a joke, but I am confused by that statement. Which jeys are 32 Bytes long?
A standard ECC key has a length of 256 bit = 32 byte. The whole point of ECC is that we can gain the same security level as with RSA with a much smaller key.
Salam-Shalom,
Werner
Hi Werner,
Werner Koch wk@gnupg.org writes:
A standard ECC key has a length of 256 bit = 32 byte. The whole point of ECC is that we can gain the same security level as with RSA with a much smaller key.
Of course. I wasn't thinking clearly when I wrote that email. Thank you for clarifying!
Happy hacking! Florian
Hi Moritz,
Moritz Bartl moritz@headstrong.de writes:
Both the Yubikey4/Neo (Javacard applets) and the OpenPGP Smartcard by Zeitcontrol support up to 4096bit RSA keys.
The Yubikey Neo support 2048 Bits and that is a key size that I am not comfortable with. It may be ok for now, but my email from now might not be safe in a couple of years. I don't want to risk that. I have recently seen a key with 16K and I thought that might be overkill, but then again, better be safe than sorry.
Where do you keep your subkeys if you rotate, say, every 6 months?
I find it an unnecessary hassle to rotate that often. Also, I decided against using subkeys and so I rotate the whole key. I set the key to expire one year after creation and then I decide if it's still safe once a year. If it is, I extend the deadline by another year.
Happy hacking! Florian
Hi all,
Am 24.05.2016 um 19:07 schrieb Florian Snow:
Moritz Bartl moritz@headstrong.de writes:
Both the Yubikey4/Neo (Javacard applets) and the OpenPGP Smartcard by Zeitcontrol support up to 4096bit RSA keys.
The Yubikey Neo support 2048 Bits and that is a key size that I am not comfortable with. It may be ok for now, but my email from now might not be safe in a couple of years. I don't want to risk that. I have recently seen a key with 16K and I thought that might be overkill, but then again, better be safe than sorry.
Keep in mind such high key lengths might be a nuisance for other people (performance...)
Where do you keep your subkeys if you rotate, say, every 6 months?
I find it an unnecessary hassle to rotate that often. Also, I decided against using subkeys and so I rotate the whole key. I set the key to expire one year after creation and then I decide if it's still safe once a year. If it is, I extend the deadline by another year.
So you're throwing away all your signatures regularly.
Best wishes Michael
Hi,
Michael Kesper mkesper@schokokeks.org writes:
Keep in mind such high key lengths might be a nuisance for other people (performance...)
I use 4K; I just saw another key that was 16K. I still use RSA keys because of the slight risk of quantum computers becoming useable within the next 10 years. If I understood things correctly, for those computers, only the key size matters, ECC is not make it significantly more difficult for them to break. Please correct me if I'm wrong here.
So you're throwing away all your signatures regularly.
Not really. I keep my key for many years if it is still safe. After that, I would try the route of asking people to sign my new key by sending them an email signed with both keys.
I also don't currently collect any signatures on my key. I am still not sure it is a good idea and no one has been able to provide a good answer to me yet. The problem I see is that the recommended procedure for signing a key involves checking a government issued id. If the government then checks those emails, they can verify a certain email was actually written by me and the more signatures I have, the more certain they can be that at least _someone_ checked my id.
I don't care about the social graph being exposed; it is exposed anyway if I send emails to people. But linking my key to a government issued id is a problem for me.
My current alternative is to just exchange key fingerprints in person. I don't check ids when I talk to people so with exchanging keys in person, I have the same level of security as I would have in person. This doesn't solve the problem of communicating with people who I have never met personally. I'm not sure how to solve it.
Happy hacking! Florian