Jonathan Rockway wrote: > I would recommend that you don't do that. What if you lose the > drive? Then your private key is compromised.
Let's not use the word 'compromised'. Let's call it 'loss of control'. If I leave my wallet on my desktop for an hour while I go to a meeting, are my credit cards compromised? I think we'd agree that they're probably not. If I get mugged and my wallet stolen, are my credit cards compromised? I think we'd agree that they are. Compromise usually means not only a failure of access controls, but a strong likelihood of unauthorized persons exploiting the failure of access controls. Losing a dongle doesn't necessarily mean it's been compromised. It means you have a problem, yes, one that's in need of addressing, but it doesn't necessarily call for a key revocation. > Do you have a revocation certificate in a safe location? Having a revocation certificate is totally unrelated to the issue of whether one uses a USB dongle or a cryptographic card. > The OpenPGP smartcard is a much safer option, since it will not give > up the private key (even if you have the password), and will lock > itself after 3 incorrect password attempts. (And after 3 incorrect > Admin PIN attempts, it will destroy itself, which is pretty > inconvenient for someone trying to steal your key.) Compare this to > a pen drive that will let anyone copy off the secret key and guess > the passphrase on their friendly local supercomputer cluster. The entire point of a passphrase on a key is so that even if the attacker _does_ have a supercomputer cluster it will be of no use. An OpenPGP card may allow you to get away with a weaker passphrase, but there's nothing inherently dumb about putting a private key on a USB dongle as long as the passphrase is sufficiently strong. Given the choice between trusting flash memory to wipe itself, and trusting that strong cryptography is going to stand up to even dedicated cryptologic attacks, I'll put my money on the latter any day of the week. > The other advantage is that if your card gets stolen, you *know* that > it's been stolen. I have a two gig USB dongle on my (physical) keyring right next to my car and office keys. If that gets stolen, trust me: I'll know. Whereas if you were to go through my wallet and randomly pilfer one of my cards, I might not know it for a while: while I use my ATM card almost daily, I can't remember the last time I needed to pull out my amateur radio license. What it boils down to is this: there are no silver bullets. There is more than one way to do it. If the OpenPGP card works for you, then great, go for it. But if the OpenPGP card doesn't work for someone else, then you're wasting their time by telling them "oh, don't do that, use an OpenPGP card." Speaking for myself, I have doubts about the long-term security of RSA/1024. I much prefer RSA/2048 instead. Thus, the OpenPGP card fails to meet my own security policy... whereas storing a copy of my private key on my USB dongle, with a high-security passphrase, is a far better solution than an OpenPGP card. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
