I just got out of Dan Kaminsky's talk at Black Hat where he talked about a myriad of topics, but the one I want to focus on is his tool Phidelius. It's a library you load with LD_PRELOAD that hooks /dev/random, /dev/urandom and some other functions to un-randomize the random data that key generators like gnupg, openssl, or ssh-keygen use.
Why would you want to do that? Well, instead of using a random stream of bytes - it uses a reproducible stream of bytes based off a password/passphrase. The bytes could come from any key derivation script, but both Dan and I chose scrypt, by Colin Percival.
His tool is considerably more robust than mine and works with many different programs without modification - mine specifically generates OpenPGP keys. And as he noted in his talk - while you can do this - that doesn't mean it's a good idea.
The idea has probably been public for some time now, although I couldn't find an example of it - and since Dan has shouted it out, I figured now's the time to release my code and let people play with it while they're interested. Anyway, there are a ton of caveats, some of which I'll list:
- This is pre-alpha. There may be straight-out bugs in my code.
- Two people using the same password and scrypt keys would generate the same public keys. I think this is less of an issue than Dan does; I assume people using my code would use strong passphrases.
- While it works and is usable, it relies on a bunch of tricks/hacks.
- The public key generated has a different KeyID each time, because the KeyID is a hash over the public key parameters, which includes the date it was created.
- This may generate keys +/- a few bits off the stated length (2047 instead of 2048).
- The key generated is unencrypted - meaning there's no passphrase on your secret key.
- You'd have to have a crazy threat model for this to be a good idea.
- You don't have that threat model, and if you do, you still shouldn't use this code in real life.
The code is located here.
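
To make two of the caveats above concrete, here is an added sketch (not my released code and not Phidelius): it derives a reproducible byte stream from a passphrase with scrypt, then computes an OpenPGP v4 KeyID for two creation times. The salt, scrypt parameters, SHA-256 counter expansion and the stand-in "modulus" are all assumptions chosen for illustration; the stand-in is not a real RSA modulus.

```python
import hashlib
import struct

SALT = b"constructed-example-salt"  # assumption: fixed, public salt

def seed_from_passphrase(passphrase: str, salt: bytes = SALT) -> bytes:
    # scrypt turns the passphrase into a 32-byte seed; parameters are illustrative.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def stream(seed: bytes, nbytes: int) -> bytes:
    # Deterministic replacement for /dev/urandom: SHA-256(seed || counter).
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:nbytes])

def mpi(n: int) -> bytes:
    # OpenPGP multiprecision integer: 2-byte bit count, then big-endian value.
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")

def v4_key_id(created: int, n: int, e: int = 65537) -> str:
    # RFC 4880 v4 fingerprint: SHA-1 over 0x99, length, and the public key
    # packet body (version, creation time, algorithm 1 = RSA, MPIs n and e).
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    fp = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()
    return fp[-8:].hex().upper()  # KeyID = low 64 bits of the fingerprint

def stand_in_modulus(passphrase: str) -> int:
    # Stand-in for key generation: 2048 bits taken straight from the stream.
    raw = int.from_bytes(stream(seed_from_passphrase(passphrase), 256), "big")
    return raw | (1 << 2047) | 1

if __name__ == "__main__":
    n1 = stand_in_modulus("correct horse battery staple")
    n2 = stand_in_modulus("correct horse battery staple")
    print("same passphrase, same key material:", n1 == n2)
    # Same key material, two constructed creation timestamps.
    print("KeyID at t=1343779200:", v4_key_id(1343779200, n1))
    print("KeyID at t=1343779260:", v4_key_id(1343779260, n1))
```

The only secret input is the passphrase, so anyone who guesses it regenerates the same key material, and pinning the creation time is what it would take to get a stable KeyID.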