lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 3 Oct 2011 05:14:30 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Greg KH <greg@...ah.com>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: kernel.org status: establishing a PGP web of trust

On Sat, Oct 01, 2011 at 07:05:19AM -0700, Greg KH wrote:
> 
> I would recommend a physical access device for your new gpg key that you
> create.  I've heard good things about this USB device:
> 	http://www.crypto-stick.org/
> and am trying to have a bunch of them at the Kernel Summit this year to
> hand out to people if they want one.

Hmm, if I'm going to get one at KS, should I stop getting signed keys
now? A few of us have already started the GPG song and dance to get
signed keys over the phone (where we know each other enough to know
phone numbers and recognize voices).

But I did it all wrong. I have a 4k RSA key for both signing and
encrypting with no revoke generated and no expiration. The key is
currently on one of my machines, which I was about to move to an
encrypted usb device.

If I can get one of these devices, it sounds like I should create a new
key on it as my master key and start using subkeys as described in the
debian link that someone posted before. Then at the keysigning I would
just use the key from this device.


> 
> There are also lots of other smart-card form-factor devices that can be
> used to store GPG keys.  Some places to purchase these can be found at
> links from the above site.

I just pulled out an old GNU GPG card I had, and unfortunately it only
supports 1024 RSA keys.

-- Steve

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ