[Owasp-leaders] Is it ok to share the PGP Keys and keep the PassPhrase private?
jeremy.j.epstein at gmail.com
Thu Oct 14 10:22:57 EDT 2010
This is a fascinating discussion, and I think there are a few key
points which have been made, but not always clearly.
(1) If the private key is protected by a password (as is common), then
the protection is a combination of at least four factors: (a) the
strength of the password, (b) how effectively the password is used to
protect the bits (i.e., if it's just XORed, it's not that good!) (*),
(c) how resilient the computer holding the private key is against
software attacks, and (d) how resilient the computer holding the
private key is against theft or other hardware attacks. The reason
it's not OK to share the private key encrypted by the password is a
combination of ALL of these - and once you give away the
key-protected-by-password to someone else, you are relying on how
*they* implement (c) and (d).
(*) There are standard ways to do this, so it's probably not a major
factor - but we've all seen cases where the password protecting the
private key is used in a foolish way that provides minimal protection.
In that case, all that protects the key is the resiliency of the
computer - i.e., items (c) and (d). So giving the password-encrypted
key away is a losing proposition.
(2) The strength of a system isn't always where it appears to be - if
the entire protection of the key is based on the strength of the
password (and not the other measures mentioned above), then it doesn't
matter if it's a 512 or 4096 bit RSA key (as an example). It's no
longer a public key system.
[There was a system I analyzed years ago that had a sophisticated
password strength system - but it made no difference because the
password was hashed in the client and sent to the server, which
compared the hashed password to a stored value. So what the person
*thought* was the password was just an input to a poorly-designed hash
function, and what really mattered to the security of the system was
the distribution of outputs of the hash function!]
Thank you for the thought-provoking discussion - my initial thought
was "no way", but then I had to think hard as to why it's not
acceptable to share the password-encrypted private key with a
justification beyond "it's a bad idea".
More information about the OWASP-Leaders