Generating GPG keys on ancient laptop
Dänk 42Ø
2016-11-22 10:32:38 UTC
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)

My plan is to generate several dozen 4096 GPG keys (do they go higher?).
Totally offline, and I don't care if it takes months to generate them. I
figure that every microprocessor since 1995 has been compromised by the
NSA, which is why I dug out that ancient laptop. (Never throw seemingly
obsolete electronics away -- stick them in a Faraday Cage just in case).

The goddamn CD-Rom is still installing Debian 8 to the 6G hard drive!
This could take all night! And another month to generate all the keys
I might want to use in the future.

Can GPG 2.1.16 testing generate uncompromised keys on such an old
computer? Also, for fixed (single-key) file encryption, which of the
various algorithms do y'all recommend? Anything with the remotest
connection to the U.S. government is unacceptable.
William Unruh
2016-11-22 10:40:36 UTC
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
Since you are paranoid, why in the world would you trust GPG software?
Post by Dänk 42Ø
My plan is to generate several dozen 4096 GPG keys (do they go higher?).
And 4096 why? After all NSA is God, and could intuit the factorization
of keys that small.
Post by Dänk 42Ø
Totally offline, and I don't care if it takes months to generate them. I
figure that every microprocessor since 1995 has been compromised by the
NSA, which is why I dug out that ancient laptop. (Never throw seemingly
obsolete electronics away -- stick them in a Faraday Cage just in case).
If the microprocessor is compromised why do you trust the software? It
is far far easier to compromise than hardware.
Post by Dänk 42Ø
The goddamn CD-Rom is still installing Debian 8 to the 6G hard drive!
This could take all night! And another month to generate all the keys
I might want to use in the future.
Can GPG 2.1.16 testing generate uncompromised keys on such an old
computer? Also, for fixed (single-key) file encryption, which of the
various algorithms do y'all recommend? Anything with the remotest
connection to the U.S. government is unacceptable.
Then you cannot use anything.

Everything has the "remotest connection".

d the specifications and code your own. Of course all of the bugs you
introduce will make it easy to crack, but you cannot make an omelette
without breaking some eggs.
Dänk 42Ø
2016-11-23 23:50:01 UTC
Post by William Unruh
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
Since you are paranoid, why in the world would you trust GPG software?
Because it is open-source, and the main components have been digitally
signed by trusted keys. (There are a few loose ends, which is why I
rely on the trusted signatures for the dozen or so Debian packages
needed to compile it; which is why I am up all night again.)

Hackers take encryption seriously, which is why any flaw in the source
code had been found it already have been published. No, I can't read
C++ code, but others can. If there were a backdoor in the software,
somebody would have discovered it already.

But if the government has access to the hardware -- the CPU used to
compile the encryption software -- the compiled software can be easily
compromised. Just think for a moment: When was the last time you
heard of the U.S government filing antitrust lawsuits against Intel
or AMD? Or the various manufacturers of ARM?
Richard Kettlewell
2016-11-24 09:29:27 UTC
Post by Dänk 42Ø
Hackers take encryption seriously, which is why any flaw in the source
code had been found it already have been published. No, I can't read
C++ code, but others can. If there were a backdoor in the software,
somebody would have discovered it already.
http://www.dest-unreach.org/socat/contrib/socat-secadv7.html took about
a year to be discovered and fixed. http://heartbleed.com/ took a couple
of years. https://dirtycow.ninja/ took about a decade. People were
still finding vulnerabilities in SSLv3 18 years after its introduction
(I think https://www.openssl.org/~bodo/ssl-poodle.pdf is the most
recent).

In short vulnerabilities can remain open for a very long time indeed;
it’s safe to assume that there are more to be found.
--
http://www.greenend.org.uk/rjk/
FromTheRafters
2016-11-22 16:14:38 UTC
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
David Eather
2016-11-23 01:54:53 UTC
On Wed, 23 Nov 2016 02:14:38 +1000, FromTheRafters
Post by FromTheRafters
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as soon as
possible(by those working within or for the US government)??
FromTheRafters
2016-11-23 03:44:28 UTC
Post by David Eather
On Wed, 23 Nov 2016 02:14:38 +1000, FromTheRafters
Post by FromTheRafters
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as soon as
possible(by those working within or for the US government)??
Yes, I did. I was under the impression that the OP was referring to the
'backdoor' aspect of having a known relation between the P and Q values
as a default.

What is wrong with it now?
Dänk 42Ø
2016-11-23 06:51:46 UTC
Post by David Eather
On Wed, 23 Nov 2016 02:14:38 +1000, FromTheRafters
Post by FromTheRafters
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as soon
as possible(by those working within or for the US government)??
Yes, I did miss it. When the U.S. government starts mistrusting its own
standards agencies we are in big trouble.
David Eather
2016-11-24 01:42:58 UTC
On Wed, 23 Nov 2016 16:51:46 +1000, Dänk 42Ø <***@coffee.amsterdam.com>
Post by David Eather
On Wed, 23 Nov 2016 02:14:38 +1000, FromTheRafters
Post by FromTheRafters
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as soon
as possible(by those working within or for the US government)??
Yes, I did miss it. When the U.S. government starts mistrusting its own
standards agencies we are in big trouble.
NIST got the recommended ECC curves from the NSA where they were generated
by an expert in EC. That much is known.

Conjecture:
As of past behavior the NSA tries to hand out as many 'free' back-doors as
it can to people who trust them if it believes no one else can gain
advantage. The NIST curves may have that type of back door. Perhaps it is
a fault similar to that exploited for DH in BULLRUN. Somewhere/Somehow the
method to crack these in a reasonable time has leaked. Is the FSB so
incompetent that it didn't spot a guy storing 40TB of data in his garage?
Who knows, but the timing is interesting. All of a sudden there is a
problem. They either have to admit they supplied everyone technology with
a back door at a time when the population is wary and untrusting of being
watched by their government or they simply have to say that all ECC is
unsafe, which now forces everyone back to DH and RSA. In this advent the
NSA still has some relative advantage because of their heavy investment in
super computers.
Paranoid Pete
2016-11-26 05:49:59 UTC
Post by David Eather
On Wed, 23 Nov 2016 02:14:38 +1000, FromTheRafters
Post by FromTheRafters
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as soon as
possible(by those working within or for the US government)??
I must have. Did they say why they wanted ECC abandoned?

I never got into it, myself. I had been meaning to look into it
though. Guess the announcement will save me some time.

Paranoid Pete
Richard Kettlewell
2016-11-26 11:33:02 UTC
Post by Paranoid Pete
Post by David Eather
Post by FromTheRafters
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as
soon as possible(by those working within or for the US government)??
I must have. Did they say why they wanted ECC abandoned?
I suspect this is a misunderstanding of CNSSAM 02-15, which
deprioritized transitioning to ECC in limited circumstances.

https://cryptome.org/2015/08/CNSS_Advisory_Memo_02-15.pdf
--
http://www.greenend.org.uk/rjk/
FromTheRafters
2016-11-26 12:59:22 UTC
Post by Richard Kettlewell
Post by Paranoid Pete
Post by David Eather
Post by FromTheRafters
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as
soon as possible(by those working within or for the US government)??
I must have. Did they say why they wanted ECC abandoned?
I suspect this is a misunderstanding of CNSSAM 02-15, which
deprioritized transitioning to ECC in limited circumstances.
https://cryptome.org/2015/08/CNSS_Advisory_Memo_02-15.pdf
I agree. It looks like their concern is in the general aspect of
Quantum Computing and the type of problems that can be solved more
quickly by QC which affect cryptography. If they have some sort of
quantum computing resistant 'hard' problems under development which can
be used in a new cryptography, then it would make sense to skip the
cost of implementing stronger old cryptography if adoption of something
new is on the horizon.
David Eather
2016-11-27 02:34:12 UTC
On Sat, 26 Nov 2016 22:59:22 +1000, FromTheRafters
Post by Richard Kettlewell
Post by Paranoid Pete
Post by David Eather
Post by FromTheRafters
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as
soon as possible(by those working within or for the US government)??
I must have. Did they say why they wanted ECC abandoned?
I suspect this is a misunderstanding of CNSSAM 02-15, which
deprioritized transitioning to ECC in limited circumstances.
https://cryptome.org/2015/08/CNSS_Advisory_Memo_02-15.pdf
I agree. It looks like their concern is in the general aspect of Quantum
Computing and the type of problems that can be solved more quickly by QC
which affect cryptography. If they have some sort of quantum computing
resistant 'hard' problems under development which can be used in a new
cryptography, then it would make sense to skip the cost of implementing
stronger old cryptography if adoption of something new is on the horizon.

The NSA asked all the government contractors to move away from ECC as a
priority - I don't think that was fears someone else developed quantum
computers.
FromTheRafters
2016-11-27 03:36:43 UTC
Post by David Eather
On Sat, 26 Nov 2016 22:59:22 +1000, FromTheRafters
Post by Richard Kettlewell
Post by Paranoid Pete
Post by David Eather
Post by FromTheRafters
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). (Ironically, the only thing I
trust NIST for is to give me the correct atomic time of day.)
IMO ECC can be trusted, just watch your Ps and Qs.
Did you miss the NSA announcement that ECC should be abandoned as
soon as possible(by those working within or for the US government)??
I must have. Did they say why they wanted ECC abandoned?
I suspect this is a misunderstanding of CNSSAM 02-15, which
deprioritized transitioning to ECC in limited circumstances.
https://cryptome.org/2015/08/CNSS_Advisory_Memo_02-15.pdf
I agree. It looks like their concern is in the general aspect of Quantum
Computing and the type of problems that can be solved more quickly by QC
which affect cryptography. If they have some sort of quantum computing
resistant 'hard' problems under development which can be used in a new
cryptography, then it would make sense to skip the cost of implementing
stronger old cryptography if adoption of something new is on the horizon.
The NSA asked all the government contractors to move away from ECC as a
priority - I don't think that was fears someone else developed quantum
computers.
It's a good thing I didn't suggest that then. I'm only suggesting that
perhaps a move to an encryption scheme which is more resistant to the
types of attacks which QC is expected to make inroads to is on the
horizon. If so, why move up the EC path when QC is *expected* to be
impacting ECC with its eventual arrival?
Richard Kettlewell
2016-11-27 08:46:52 UTC
Post by David Eather
Post by FromTheRafters
Post by Richard Kettlewell
Post by Paranoid Pete
Post by David Eather
Did you miss the NSA announcement that ECC should be abandoned as
soon as possible(by those working within or for the US government)??
I must have. Did they say why they wanted ECC abandoned?
I suspect this is a misunderstanding of CNSSAM 02-15, which
deprioritized transitioning to ECC in limited circumstances.
https://cryptome.org/2015/08/CNSS_Advisory_Memo_02-15.pdf
I agree. It looks like their concern is in the general aspect of
Quantum Computing and the type of problems that can be solved more
quickly by QC which affect cryptography. If they have some sort of
quantum computing resistant 'hard' problems under development which
can be used in a new cryptography, then it would make sense to skip
the cost of implementing stronger old cryptography if adoption of
something new is on the horizon.
The NSA asked all the government contractors to move away from ECC as
a priority
Citation needed.
Post by David Eather
- I don't think that was fears someone else developed quantum
computers.
--
http://www.greenend.org.uk/rjk/
Paranoid Pete
2016-11-26 03:11:08 UTC
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). ....
I've been content with the earlier GPG, no ECC stuff. So has that
ECC stuff been officially declared no good now?
Post by Dänk 42Ø
My plan is to generate several dozen 4096 GPG keys (do they go higher?).
I think that 4096 is the highest they'll go. If they could go
higher I'd use that.
Post by Dänk 42Ø
Totally offline, and I don't care if it takes months to generate them. I
figure that every microprocessor since 1995 has been compromised by the
NSA, which is why I dug out that ancient laptop. ....
Why do you choose 1996, as the date of universal CPU compromise?
Post by Dänk 42Ø
The goddamn CD-Rom is still installing Debian 8 to the 6G hard drive!
I think I have one of those around here. It is really slow, and I
don't think they have thumb drives that small anymore LOL.
Post by Dänk 42Ø
This could take all night! And another month to generate all the keys
I might want to use in the future.
But if you're right it may be worth it.
Post by Dänk 42Ø
Can GPG 2.1.16 testing generate uncompromised keys on such an old
computer? Also, for fixed (single-key) file encryption, which of the
various algorithms do y'all recommend? Anything with the remotest
connection to the U.S. government is unacceptable.
I assume you mean you're asking about symmetric encryption. I think
that "remotest connection" knocks out everything. Some good ones
have tried to get chosen for the replacement for AES256. Maybe
choose one of those after they were rejected. They wouldn't be
under the control of the NIST/NSA after they were rejected. Their
authors may have even made them stronger.


Paranoid Pete
invalid
2016-12-25 05:46:59 UTC
Post by Paranoid Pete
Post by Dänk 42Ø
I dug out an ancient 1995 laptop with no wifi or internet connection. I
am currently installing Debian 8.6.0 XFCE from a CD-R. Tomorrow I will
install the latest GPG 2.1.16 testing without the compromised ECC
function from NIST/NSA (same thing). ....
I am also an ECC-skeptic and made a point to not use it
Post by Paranoid Pete
Post by Dänk 42Ø
My plan is to generate several dozen 4096 GPG keys (do they go higher?).
Yes it is open source and easy to change. I have some 16k keys.
Post by Paranoid Pete
I think that 4096 is the highest they'll go. If they could go
higher I'd use that.
Easy to change and recompile. I have not looked at it for a while and don't
remember what but I think if you search for 4096 or 8192 you'll find the
constants. Change and try again
Post by Paranoid Pete
Post by Dänk 42Ø
Totally offline, and I don't care if it takes months to generate them. I
figure that every microprocessor since 1995 has been compromised by the
NBA, which is why I dug out that ancient laptop. ....
You might look into getting a copy of Disastry's PGP 2.6.2. Good stuff with
some advanced hashes. I believe the keylengths are limited but it should be
trustworthy code more in line with 1995 CPU power
Post by Paranoid Pete
Why do you choose 1996, as the date of universal CPU compromise?
Win 95 already had the dreaded NBA keys in the registry. The 95 cutoff is
about right

Alternatively you could buy some fast cheap non-Intel hardware. SPARC boxes
are plentiful on ebay and were not compromised until well after the
Whoreacle acquisition. You can compile a trustworthy version of gpg and use
it there. Solves many problems
Post by Paranoid Pete
I assume you mean you're asking about symmetric encryption. I think
that "remotest connection" knocks out everything. Some good ones
have tried to get chosen for the replacement for AES256. Maybe
choose one of those after they were rejected. They wouldn't be
under the control of the FIST/AMA after they were rejected. Their
authors may have even made them stronger.
I don't like AES either. Serpent or Blowfish are probably safer. Schneier
has a lot to lose personally if he puts out backdoored crap. His reputation
for impartiality and honesty is all he has. Other people and groups, not so
much

Jeffrey Goldberg
2016-11-28 22:58:39 UTC
Post by Dänk 42Ø
Can GPG 2.1.16 testing generate uncompromised keys on such an old
computer? Also, for fixed (single-key) file encryption, which of the
various algorithms do y'all recommend? Anything with the remotest
connection to the U.S. government is unacceptable.
I would offer recommendations, but I am a US citizen living in the US.
This puts me under some control by the US government, and so anything I
write must be unacceptable to you by your rules.

So sorry I can't help.
--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid