Password Protecting GPG Keys



There was a thread on d-private in early March about the benefits and
downsides to requiring every DD and aspiring DD to sign their
messages.  One of the reasons raised for not doing it is some felt
uncomfortable carrying around their GPG keys when travelling.

My initial reaction was "that's being overly cautious" particularly
given that signing every message doesn't mean you have to carry around
your master key.  However, it did make me wonder just how safe a GPG key
(or indeed any file) is, if it is protected by a password and nothing
else.

To put the problem in precise terms: Let's say I had a bitcoin wallet
with keys controlling $10M worth of coins.  (A figure is needed because
it determines the upper bound on the amount of effort a rational
attacker would devote to the problem.)  Is it possible to put an
encrypted version of that file in a public place on the web, so that
everybody knew what it was worth, and have it protected by a password I
could be comfortable in remembering in a couple of years' time, and be
sure it is safe?  "Sure it is safe" here means it is going to cost the
attacker more than it's worth.

It turned out to be a far more interesting question than I first
supposed.  To cut to the chase, I think the answer is yes - it is
possible.  But not with the tools shipped by Debian today [0] [1].

I have put up a web page explaining what you have to do to protect such a
file, together with a tool that makes it possible (but possibly not
convenient enough for everyday use).  You can find it here:

  http://pbkdf2.sourceforge.net (don't be put off by the name.)

Maybe it will convince some of you it is possible to carry your gpg key
around with you - or at the very least store it in the web somewhere so
you can get to it when you need it.



[0] Debian does include scrypt, which is what I based my program on.
    Unfortunately it lets you set the maximum strength of the
    expanded key, but not a minimum.   That's not quite what I was
    after.

[1] And since it isn't possible with the tools available on Debian,
    that means my gut "he's being overly cautious" reaction was wrong.
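
The reasoning in the message above (the asset's value bounds a rational attacker's effort, and footnote [0]'s wish for a minimum key-stretching strength), worked through as an added example that is not part of the original message or the author's tool. The `MIN_*` scrypt floor and the dollar cost per guess are assumptions chosen for illustration.

```python
import hashlib
import math

# Assumed floor on scrypt work parameters: refuse anything weaker.
# Illustrative values, not the settings of the tool linked in the message.
MIN_N, MIN_R, MIN_P = 2**14, 8, 1


def derive_key(password: bytes, salt: bytes, n: int, r: int, p: int) -> bytes:
    """Derive a 32-byte file key with scrypt, enforcing a minimum cost."""
    if n < MIN_N or r < MIN_R or p < MIN_P:
        raise ValueError("scrypt parameters below the required minimum")
    if n & (n - 1):
        raise ValueError("n must be a power of two")
    mem = 128 * r * (n + p + 2)  # bytes scrypt needs for these parameters
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=mem + 1024 * 1024, dklen=32)


def expected_attack_cost(entropy_bits: float, usd_per_guess: float) -> float:
    """Expected spend to find the password: half the search space on average."""
    return (2 ** entropy_bits) / 2 * usd_per_guess


def min_entropy_bits(asset_usd: float, usd_per_guess: float) -> int:
    """Fewest whole password bits for which the attack costs more than the asset."""
    return math.floor(math.log2(2 * asset_usd / usd_per_guess)) + 1


if __name__ == "__main__":
    asset = 10_000_000  # the $10M figure from the message
    # Assumed attacker cost per guess (USD): a fast hash vs. a memory-hard KDF.
    for label, cost in (("fast hash", 1e-9), ("memory-hard KDF", 1e-6)):
        bits = min_entropy_bits(asset, cost)
        spend = expected_attack_cost(bits, cost)
        print(f"{label}: {bits} bits needed, expected attack ${spend:,.0f}")
    salt = b"constructed-salt"  # constructed sample; use os.urandom(16) for real keys
    print(derive_key(b"constructed passphrase", salt, 2**14, 8, 1).hex())
```

Each factor of 1000 in per-guess cost removes about 10 bits from the password the user has to remember, which is why a guaranteed minimum on the stretching parameters matters more than a maximum.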
