email at sven-radde.de
Tue May 6 10:13:39 CEST 2008
Following, in a way, the discussion about "How long should a passphrase
be?", I am currently trying to come up with a sensible backup scheme
Duplicity creates full and incremental backups of local files, encrypts
them using GnuPG and moves them to a (remote) location. By default, it
uses symmetric encryption but it can be set to encrypt to a public key.
When using public keys, it can also sign the backups (but, due to a
current bug, verification errors are not reported...).
My question now is, should I simply use passphrase-based encryption or
should I go towards public key signing and encrypting. The problem with
public key is that the secret key must be backed up itself and I do not
have that many secure locations available where I could store backups
(secure in the sense of "unlikely to burn down at the same time my house
does" - not "hard for a stranger to access"). Therefore, any backup of
the secret key would have to be placed next to the files encrypted with
that key and having to give my secret key (even a dedicated one) away
does not create a good feeling.
So, an attacker would get a) passphrase-encrypted files some Gigabytes
in size or b) sessionkey-encrypted files some Gigabytes in size and a
passphrase-encrypted secret key. Which approach is more prudent
security-wise? To me it looks like it is advantageous that in case b),
the passphrase is only used to encrypt a relatively small bit of data,
making analysis more difficult. Plus, I would get integrity-protection
some time in the futute (once the bug is fixed). Apart from this, given
a long enough passphrase, both approaches should be equally secure,
As a side question, speaking about integrity-protection, how does the
MDC come into play here? Wouldn't that be enough protection anyway (as
it is a special use-case)?
Thanks for some "second opinions" on this,
More information about the Gnupg-users