Silk Road forums

Discussion => Security => Topic started by: Hungry ghost on January 01, 2013, 01:42 am

Title: GPG4USB-warning for newbs(RESOLVED: OP is obsolete)
Post by: Hungry ghost on January 01, 2013, 01:42 am
Hi everyone; I've been around here a while now, and I'm missing some of the old timers like Guru and LouisCyphre and Pine who could perhaps have explained this in more technical detail. I believe Kmfkwm is still around, and although I may disagree with some of his ideas for rounding up and assassinating participants in the drug war, I respect his tech skills a huge amount so perhaps he can help explain this better!

Like a lot of people I gravitated to GPG4USB over GPG4WIN due to its easier interface. I notice a lot of newbs are being directed to an (admittedly excellent) tutorial on this.

       However I was told a while back that even if you up the key size to 4096, GPG4USB only generates 1024/4096 keys using an obsolete algorithm. I was advised to create a 2048/2048 RSA key using GPG4WIN (GPA or KLEOPATRA) and then back it up to an .asc file which you can then import to GPG4USB, enabling you to have your stronger keypair AND the convenience and portability of GPG4USB.

Now I'll be the first to admit that I don't fully know what all the numbers represent but it was my understanding that the 1024/xxxx style keys were considered at least theoretically breakable for quite a while now.

        It is a bit more hassle creating the stronger keypair and exporting it to GPG4USB (I like to use that because I can have it on a Truecrypt hidden volume on an encrypted thumbdrive) ....especially for those trying to get to grips with PGP.

       I don't want to fearmonger. The 1024/4096 keys are probably fine if you are a small fish. I don't think they are crackable by your average LE on the beat or anything.
And there's always the possibility I'm talking out my ass, having misunderstood! But there you go, consider yourselves alerted.

Happy new year!
Title: Re: GPG4USB-warning for newbs
Post by: Nightcrawler on January 01, 2013, 02:26 am
Hi everyone; I've been around here a while now, and I'm missing some of the old timers like Guru and LouisCyphre and Pine who could perhaps have explained this in more technical detail. I believe Kmfkwm is still around, and although I may disagree with some of his ideas for rounding up and assassinating participants in the drug war, I respect his tech skills a huge amount so perhaps he can help explain this better!

Like a lot of people I gravitated to GPG4USB over GPG4WIN due to its easier interface. I notice a lot of newbs are being directed to an (admittedly excellent) tutorial on this.

       However I was told a while back that even if you up the key size to 4096, GPG4USB only generates 1024/4096 keys using an obsolete algorithm. I was advised to create a 2048/2048 RSA key using GPG4WIN (GPA or KLEOPATRA) and then back it up to an .asc file which you can then import to GPG4USB, enabling you to have your stronger keypair AND the convenience and portability of GPG4USB.

Now I'll be the first to admit that I don't fully know what all the numbers represent but it was my understanding that the 1024/xxxx style keys were considered at least theoretically breakable for quite a while now.

        It is a bit more hassle creating the stronger keypair and exporting it to GPG4USB (I like to use that because I can have it on a Truecrypt hidden volume on an encrypted thumbdrive) ....especially for those trying to get to grips with PGP.

       I don't want to fearmonger. The 1024/4096 keys are probably fine if you are a small fish. I don't think they are crackable by your average LE on the beat or anything.
And there's always the possibility I'm talking out my ass, having misunderstood! But there you go, consider yourselves alerted.

Happy new year!

When you're referring to 1024/4096 keys, you're referring to the older-style DSA/Elgamal PGP keys.  These were the standard up until the Fall of 2009, when they were replaced by a pair of RSA keys. One RSA key is used for signing/authentication, while the other RSA key is used only for encryption.

The latest version of GPG4USB (released September 2012) generates RSA/RSA keypairs. If you generate a 4096-bit key with the latest version of GPG4USB (gpg4usb-0.3.2-1.zip) you are generating an RSA/RSA keypair, each of 4096-bits. This latest version of GPG4USB generates RSA/RSA keys by default -- older versions still clung to the DSA/Elgamal format.

As long as you are using the latest version of GPG4USB, you have nothing to worry about, at least from keys that you generate.  Naturally, any keys that you import from other people should be examined to determine both the type as well as size.  Once a key has been imported into GPG4USB, and it appears in the right-hand pane, right-click on it, and click on Show keydetails.  This will give you information on both the keysize and type.

NC
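
The type-and-size check described above for the key details dialog can also be run over a whole keyring. This is an added example, not part of the thread or of GPG4USB: it parses the output of `gpg --with-colons --list-keys`. The sample listing and key IDs are constructed, and the 2048-bit threshold is an assumption taken from the advice in the opening post.

```python
# Added example: report key type and size from `gpg --with-colons --list-keys` output.
# Colon-format fields used: 1 = record type, 3 = key length, 4 = algorithm id, 5 = key id.
ALGO_NAMES = {1: "RSA", 16: "Elgamal", 17: "DSA"}  # OpenPGP public-key algorithm ids
MIN_BITS = 2048  # assumption: threshold taken from the 2048-bit advice in this thread

# Constructed sample listing (key IDs are made up): one old-style keypair, one RSA/RSA.
SAMPLE = """\
pub:-:1024:17:1111111111111111:1230768000:::-:::scESC:
uid:-::::1230768000::AAAA::old-style user:
sub:-:4096:16:2222222222222222:1230768000::::::e:
pub:-:4096:1:3333333333333333:1356998400:::-:::scESC:
uid:-::::1356998400::BBBB::new-style user:
sub:-:4096:1:4444444444444444:1356998400::::::e:
"""

def audit_keys(listing, min_bits=MIN_BITS):
    """Return one summary per primary key: sizes, types, and a weak flag."""
    keypairs = []
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 5 or f[0] not in ("pub", "sub"):
            continue  # uid, fpr and other record types carry no key size
        if not (f[2].isdigit() and f[3].isdigit()):
            continue  # malformed or empty size/algorithm field
        part = (int(f[2]), ALGO_NAMES.get(int(f[3]), "algo-" + f[3]))
        if f[0] == "pub":
            keypairs.append({"keyid": f[4], "parts": [part]})
        elif keypairs:  # a subkey belongs to the most recent primary key
            keypairs[-1]["parts"].append(part)
    for kp in keypairs:
        # Same notation the thread uses, e.g. "1024/4096" and "DSA/Elgamal".
        kp["sizes"] = "/".join(str(bits) for bits, _ in kp["parts"])
        kp["types"] = "/".join(name for _, name in kp["parts"])
        kp["weak"] = any(bits < min_bits for bits, _ in kp["parts"])
    return keypairs

if __name__ == "__main__":
    for kp in audit_keys(SAMPLE):
        flag = "REVIEW" if kp["weak"] else "ok"
        print(f'{kp["keyid"]}  {kp["sizes"]} {kp["types"]}  {flag}')
```

To audit a real keyring, pass the text produced by `gpg --with-colons --list-keys` to `audit_keys` in place of `SAMPLE`.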
Title: Re: GPG4USB-warning for newbs
Post by: SantaClause1 on January 01, 2013, 03:50 am
Just type PGP Encryption in YouTube, click the first video and follow the tutorial. It doesn't get any easier or more informative than that. There are a bunch of videos on it. It took me 5 minutes to master it after beating my head over the table trying to figure it out for days. It's really as simple as 123.
Title: Re: GPG4USB-warning for newbs
Post by: Hungry ghost on January 01, 2013, 08:45 am
Aah, that's OK then... it's my warning that's obsolete!
Title: Re: GPG4USB-warning for newbs
Post by: Party Girl on January 01, 2013, 08:53 am
Aah, that's OK then... it's my warning that's obsolete!

Yes, this is correct.   :)
Title: Re: GPG4USB-warning for newbs(RESOLVED: OP is obsolete)
Post by: Hungry ghost on January 01, 2013, 09:22 am
I have been using an outdated version of GPG4USB then... it doesn't matter as I had imported a 2048/2048 RSA key anyway. Still, it shows how important it is to keep abreast of things.
I have updated the thread title to reflect this.