Re: [openpgp] Deriving an OpenPGP secret key from a human readable seed

Phillip Hallam-Baker <phill@hallambaker.com> Sat, 19 October 2019 03:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/knmLWgS7bJatcWNgvLKqw8WQQoI>

Carrying on after Gmail sent the message before I wanted to...

On Fri, Oct 18, 2019 at 11:40 PM Phillip Hallam-Baker <phill@hallambaker.com>
wrote:

> Someone just said we need a spec. Here is a spec:
> https://www.ietf.org/id/draft-hallambaker-mesh-udf-07.txt
>
> It is in the new format which is intended to be read as HTML. Until the
> tools catch up, you can read it here:
> http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html
>
> The draft does not specify the value of e which it should but I am pretty
> sure we have standardized on 65537. I see no reference to p being greater
> than q and it is a mystery to me why we would care when the RSA parameters
> are the modulus and the private exponent d. Knowledge of p and q is only
> used to determine d, they are not req
>

As I was saying, I am not aware of a requirement to know p or q after d is
calculated, let alone sort them. There are requirements to do with co-primes
being of particular lengths. But NIST states these are optional so I am
thinking of simply saying that to generate a key pair you use the
derivation mechanism specified until you arrive at a pair you like.

Given the density of prime numbers and given that the smallest keys we are
using are 1024 bits, the work factor for any schemes based on guessing the
prime parameters is going to be above 2^1000 which is more than a googol.

I did not bother with DSA. But that could be added. It has serious problems
at this point and is probably just better deprecated.
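
A sketch of the "derive until you arrive at a pair you like" approach from the message above, added here as an illustration; it is not code from the message or from the UDF draft. The SHAKE-256 expansion, the labels `rsa-p`/`rsa-q`, the attempt counter and the toy 512-bit modulus are all assumptions made for the example; e = 65537 is the value named in the message.

```python
import hashlib
from math import gcd

E = 65537  # public exponent named in the message
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases, so every run gives the same answer."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def derive_prime(seed, label, bits):
    """Walk an attempt counter until the expanded seed yields a usable prime."""
    attempt = 0
    while True:
        # Assumed KDF: SHAKE-256 over seed || label || counter (not the UDF draft's).
        material = seed + label + attempt.to_bytes(4, "big")
        c = int.from_bytes(hashlib.shake_256(material).digest(bits // 8), "big")
        c |= (3 << (bits - 2)) | 1  # force full bit length and oddness
        if is_probable_prime(c) and gcd(E, c - 1) == 1:
            return c
        attempt += 1

def key_from_primes(p, q):
    """Return (n, d); both are symmetric in p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def derive_rsa(seed, bits=512):
    """Toy-sized by default so the example runs quickly."""
    p = derive_prime(seed, b"rsa-p", bits // 2)
    q = derive_prime(seed, b"rsa-q", bits // 2)
    return key_from_primes(p, q) + (p, q)
```

The same seed always reproduces the same (n, d), and swapping the two primes changes neither value.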