lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 17 Jan 2022 21:59:22 +0100
From:   "Maciej S. Szmigiero" <mail@...iej.szmigiero.name>
To:     Konstantin Ryabitsev <konstantin@...uxfoundation.org>
Cc:     Roberto Sassu <roberto.sassu@...wei.com>, dhowells@...hat.com,
        dwmw2@...radead.org, herbert@...dor.apana.org.au,
        davem@...emloft.net, keyrings@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-integrity@...r.kernel.org,
        linux-fscrypt@...r.kernel.org, linux-kernel@...r.kernel.org,
        zohar@...ux.ibm.com, ebiggers@...nel.org,
        "Jason A. Donenfeld" <Jason@...c4.com>
Subject: Re: [PATCH 00/14] KEYS: Add support for PGP keys and signatures

On 17.01.2022 17:59, Konstantin Ryabitsev wrote:
> On Mon, Jan 17, 2022 at 03:34:54PM +0100, Jason A. Donenfeld wrote:
>> If you're looking for a simple signature mechanism to replace the use of
>> X.509 and all of that infrastructure, may I suggest just coming up with
>> something simple using ed25519, similar to signify or minisign? Very
>> minimal code in the kernel, in userspace, and very few moving parts to
>> break.
> 
> I am concerned that ed25519 private key management is very rudimentary -- more
> often than not it is just kept somewhere on disk, often without any passphrase
> encryption.
> 
> With all its legacy warts, GnuPG at least has decent support for hardware
> off-load via OpenPGP smartcards or TPM integration in GnuPG 2.3, but the best
> we have with ed25519 is passhprase protection as implemented in minisign (and

I am not sure that I understood your point here correctly, but GnuPG
already supports ed25519 keys, including stored on a smartcard - for
example, on a YubiKey [1].

While the current software support for ed25519 might be limited, there
is certainly progress being made, RFC 8410 allowed these algos for X.509
certificates.
Support for such certificates is already implemented in OpenSSL [2].

ECDSA, on the other hand, is very fragile with respect to random number
generation at signing time.
We know that people got burned here in the past.

Thanks,
Maciej

[1]: https://developers.yubico.com/PGP/YubiKey_5.2.3_Enhancements_to_OpenPGP_3.4.html
[2]: https://blog.pinterjann.is/ed25519-certificates.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ