[Gnuk-users] Ed25519 for signing broken?

NIIBE Yutaka gniibe at fsij.org
Tue Feb 10 01:30:00 UTC 2015


On 02/10/2015 05:09 AM, Jonathan Schleifer wrote:
> That link talks about deactivating the admin PIN. How would I do
> that with 1.1.4? I guess this doesn't work anymore since 1.1.4 can't
> set a PIN without keys?

It is supported in 1.1.4, too.  I call it "Admin-less mode".

This is a deliberate feature of Gnuk, which is not in the OpenPGPcard
specification.  (I don't expect this feature will be in the
specification, because it's against the practice of the smartcard
industry.)

After importing keys, you will change the user PIN only.  Then, it's
"Admin-less mode", where admin PIN == user PIN.

After importing keys, you will change the admin PIN.  Then, it's
traditional "Admin-full mode".

Basically, Gnuk Token is used (or is designed to be used) by a user
who wants to control her own computing.  Thus, I think that most users
use "Admin-less mode".

In traditional "Admin-full mode", your private keys are attacked at
most six times by PIN guessing.  Or, if flash ROM were disclosed
(very unlikely, but there would be some possibility a manufacturer
would forget to enable flash ROM read-protection by programmer), there
will be two paths for attack.  Those were my concerns.

> Hm, I guess it then might be advisable to not use the Gnuk until
> that is fixed?

You will be hit by this bug on a very specific occasion (of removing
your key in "Admin-full mode"), and the impact is only if flash ROM were
disclosed.  Please evaluate.

> Same for the no signature count thing.

I don't recommend using EdDSA signing yet.  It is OK for OpenSSH,
provided you don't distribute your public key with an EdDSA subkey
widely.