Re: State of the debian keyring

To: debian-project@lists.debian.org
Subject: Re: State of the debian keyring
From: Russ Allbery <rra@debian.org>
Date: Mon, 24 Feb 2014 18:51:37 -0800
Message-id: <87sir7lxae.fsf@windlord.stanford.edu>
In-reply-to: <legven$fop$1@posted-at.bofh.it> (Marco d'Itri's message of "Tue, 25 Feb 2014 02:34:01 +0000 (UTC)")
References: <20140123220729.GA25523@scru.org> <20140222224148.GA2130@scru.org> <20140222234641.GA31478@roeckx.be> <20140223003506.GE30391@gwolf.org> <CAKTje6G5qiCLM3VFqh1i5c33g7B1rs60WmrJz0-7mYrsPmbwKA@mail.gmail.com> <20140223133005.GW27090@earth.li> <20140223144653.GB29141@mraw.org> <20140224192852.GA17673@enricozini.org> <legven$fop$1@posted-at.bofh.it>

Marco d'Itri <md@Linux.IT> writes:

> If anybody disagrees then please describe a credible threat model in
> which:
> - an entity would want to have access to the key of a DD, and
> - would find brute forcing a 1024 bit key more practical than 
>   stealing it or coercing a developer to disclose it.

Brute-forcing the key just requires compute cycles.  There is essentially
no chance of discovery and no risky activity at all until you start
actually using the key.  You can basically choose exactly how or when you
want to use it, or use it only passively to decrypt data (although we
don't really use our keys much for encryption, mostly).

Stealing the key or coercing a developer is *far* riskier and runs a far
higher chance of discovery, because both necessarily involve doing things
out in the world that are visible and noticable and that would be of
potential interest to the news media, etc.

The reason why people tend to focus on passive risks like brute-force
factoring is that they're only difficult in terms of necessary compute
power (or breakthrough mathematics).  They pose essentially zero
operational difficulty and essentially zero risk; all the data that you
need to make the attempt is completely public, and attempting it is not at
all suspicious.  There's no risk of getting caught.  That makes the attack
far more feasible.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: State of the debian keyring
  - From: Enrico Zini <enrico@enricozini.org>

References:
- Re: State of the debian keyring
  - From: Clint Adams <clint@debian.org>
- Re: State of the debian keyring
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: State of the debian keyring
  - From: Paul Wise <pabs@debian.org>
- Re: State of the debian keyring
  - From: Jonathan McDowell <noodles@earth.li>
- Re: State of the debian keyring
  - From: Cyril Brulebois <kibi@debian.org>
- Re: State of the debian keyring
  - From: Enrico Zini <enrico@enricozini.org>
- Re: State of the debian keyring
  - From: Marco d'Itri <md@Linux.IT>

Prev by Date: Re: State of the debian keyring
Next by Date: Re: State of the debian keyring
Previous by thread: Re: State of the debian keyring
Next by thread: Re: State of the debian keyring
Index(es):
- Date
- Thread