Re: gnome-keyring Generating RSA keys from /dev/urandom



On 2010-12-08 08:12, Yaron Sheffer wrote:
> # When you're signing with RSA someone needs to verify the signature. And
> they will verify it against the public key. Isn't the public key
> vulnerable to the exact same attacks you are protecting against in the
> first place? Or are you thinking of enabling export and offline storage
> of the public key?

I came to the same conclusion after thinking about this more. It turns
out that I didn't really fully think out the idea before firing off an
email to the mailing list :)

The main idea of having an RSA key per user is so that internally we can
sign stuff like trust assertions. We can then verify they haven't
changed (without unlocking the keyring). In order to modify them, the
user would need to unlock the keyring (thus unlocking the RSA key).

However this breaks down security-wise, because there are no guarantees
that an attacker can't just replace the user's RSA key at the same time
as modifying signatures on data (like trust assertions).

In order to have security, we would need the user's RSA key to be signed
(i.e. in a certificate), and would then need the signing key to come from
somewhere etc...

So this is not a very viable idea for the desktop given the
infrastructure we have today. It is more reminiscent of mobile phones
where things are authenticated from the hardware up.

But in any case the discussion about using /dev/random vs. /dev/urandom
is very useful and will be used in gnome-keyring to further implement
the PKCS#11 spec.

Cheers,

Stef
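The flaw Stef describes above, modelled as an added example (not gnome-keyring code and not part of the thread): trust assertions are signed with a per-user key and checked against the public key kept next to them, an attacker who can write that storage area swaps in their own key and re-signs altered assertions, and plain verification still passes. The second check binds the user key to a root key held outside the writable store (the "certificate" Stef mentions), which rejects the swapped key. The RSA is textbook RSA with small primes and no padding, only to make the logic visible; `Store`, `verify_plain`, `verify_anchored`, `tamper` and the `cert:example-ca:...` assertion text are all constructed for this illustration.

```python
"""Toy model of the per-user signing-key design discussed in the mail.

The "RSA" here is textbook RSA over small primes with no padding: it is
only meant to show the trust logic, not to be secure.  Store models the
on-disk keyring area an attacker with file access can rewrite; the root
key models a trust anchor the attacker cannot rewrite.
"""
import hashlib
import math
from dataclasses import dataclass


def _is_prime(n: int) -> bool:
    if n < 2:
        return False
    return all(n % f for f in range(2, int(n ** 0.5) + 1))


def _next_prime(n: int) -> int:
    while not _is_prime(n):
        n += 1
    return n


def toy_keypair(start: int):
    """Textbook RSA keypair from the two primes at or after `start`."""
    p = _next_prime(start)
    q = _next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in (65537, 257, 17, 5, 3) if math.gcd(c, phi) == 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def _digest(data: bytes, n: int) -> int:
    # SHA-256 reduced mod n so the toy modulus can carry it (no real padding).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def encode_pub(pub) -> bytes:
    """Canonical bytes of a public key, so a root key can certify it."""
    return f"{pub[0]}:{pub[1]}".encode()


@dataclass
class Store:
    """Attacker-writable area: the user's public key plus signed assertions."""
    user_pub: tuple
    assertions: dict  # name -> (assertion bytes, signature)


def verify_plain(store: Store) -> bool:
    """The original idea: check each assertion against the stored user key."""
    return all(verify(store.user_pub, data, sig)
               for data, sig in store.assertions.values())


def verify_anchored(store: Store, root_pub, cert: int) -> bool:
    """Fix sketched in the mail: the stored user key must itself carry a
    certificate from a root key kept outside the writable store."""
    if not verify(root_pub, encode_pub(store.user_pub), cert):
        return False
    return verify_plain(store)


def tamper(store: Store) -> None:
    """Model of the problem in the mail: whoever can write the store swaps
    the user key and re-signs altered assertions with the replacement."""
    new_pub, new_priv = toy_keypair(1_000_200)
    store.user_pub = new_pub
    for name, (data, _) in store.assertions.items():
        altered = data.replace(b"untrusted", b"trusted")
        store.assertions[name] = (altered, sign(new_priv, altered))


def demo() -> dict:
    root_pub, root_priv = toy_keypair(1_000_000)   # trust anchor, read-only
    user_pub, user_priv = toy_keypair(1_000_100)   # per-user key
    cert = sign(root_priv, encode_pub(user_pub))   # root certifies the user key

    assertion = b"cert:example-ca:untrusted"       # constructed trust assertion
    store = Store(user_pub, {"example-ca": (assertion, sign(user_priv, assertion))})
    before = (verify_plain(store), verify_anchored(store, root_pub, cert))

    tamper(store)
    after = (verify_plain(store), verify_anchored(store, root_pub, cert))
    return {"before": before, "after": after,
            "tampered_text": store.assertions["example-ca"][0]}


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, True)` before tampering and `(True, False)` after: the per-user key alone cannot distinguish the user's signatures from the replacement key's, and only the certificate from the root key, which the attacker could not rewrite, exposes the swap.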

