Strongest Key, Hash, and Cypher Algorithms

Atom Smasher atom at smasher.org
Mon Feb 7 07:00:06 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sat, 5 Feb 2005, Wesley Tabadore wrote:

> I'm new to GPG and encryption in general and trying to figure out the 
> strongest way to encrypt files (less than 100 megs in size).  Speed is 
> not at all a concern, strength of the encryption is the most critical 
> thing.
==================

there are no weak algorithms in pgp/gpg. even the "weakest" algorithms 
should be fine against any attack that can currently be mounted against 
them.


> I would like to encrypt some files symmetrically and other files 
> asymmetrically, so I am trying to understand the strength of both 
> methods.
====================

the strength of symmetric encryption is that you don't need to keep a key 
in a file. all you need to do is remember the passphrase and you will 
always be able to decrypt your data.

the strengths of asymmetric encryption are unattended encryption (you 
don't have to type a passphrase to encrypt) and secure communication 
across an insecure channel (such as the internet) between 2 or more 
parties.


> Based on the research I have done thus far, I understand that in both 
> cases, I need to ensure the passphrases are strong.  Having long 
> passphrases is not an issue.  I am inclined to use the DiceWare method 
> to generate the passphrases.  Any comments on this method?
========================

diceware is good. more info on other techniques - 
http://atom.smasher.org/links/#passwords


> Symmetric encryption: Which current GPG Hash and Cypher Algorithm are 
> the strongest and how many bits of entropy (or DiceWare words) would my 
> passphrase have to contain in order to gain the most benefit from this 
> Hash/Cypher Algorithm combination?
=======================

hashing is rarely done with symmetric encryption (except as part of the 
s2k process). in a way, knowing the passphrase *is* authentication (and in 
another way, it isn't).

(all other factors being equal) the bigger the passphrase, the more 
protection. the question you should ask is "what size passphrase is 
sufficient for the secrets i want to keep?" check out these sections of 
the diceware FAQ -
 	How long should my passphrase be?
 	http://world.std.com/~reinhold/dicewarefaq.html#howlong

 	What if I want a passphrase with full 128-bit security?
 	http://world.std.com/~reinhold/dicewarefaq.html#128-bit


> Asymmetric encryption: What type of key should I generate and how do I 
> choose the strongest Hash and Cypher Algorithm when encrypting files? 
> Also how long should my passphrase be (bits of entropy or DiceWare 
> words) in order to gain the most benefit in security from this scheme?
===========================

the key types and algorithm preferences, if you don't use the defaults, 
should be based on your latest research and suspicions of what information 
you have. some people don't like 3DES... other people don't like 
BLOWFISH/TWOFISH... i don't like AES... at the end of the day, none of the 
algorithms are broken, or even close to being broken, but many of us have 
our favorites. only your research and/or crystal ball will dictate which 
algorithms you decide to trust most, or not at all.


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"I have presented factual data, statistical data, and
 	 projected data. Form your own conclusions. Perhaps the
 	 NSA has found a polynomial-time (read: fast) factoring
 	 algorithm. But we cannot dismiss an otherwise secure
 	 cryptosystem due to paranoia. Of course, on the same
 	 token, we cannot trust cryptosystems on hearsay or
 	 assumptions of security. Bottom line is this: in the
 	 field of computer security, it pays to be cautious. But
 	 it doesn't pay to be un-informed or needlessly paranoid.
 	 Know the facts."
 		-- infiNity, The PGP Attack FAQ

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

-----END PGP SIGNATURE-----
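
Added example, not part of the original post: a short Python sketch of the Diceware arithmetic behind the passphrase-length question above, showing how many words are needed before the passphrase stops being weaker than the cipher key. The 128-bit and 256-bit targets and the placeholder word list are assumptions made for illustration; the 7776-entry list size and five dice per word are standard Diceware.

```python
import math
import secrets

DICE_PER_WORD = 5                    # standard Diceware: five six-sided dice per word
LIST_SIZE = 6 ** DICE_PER_WORD       # 7776 entries in a Diceware word list


def bits_per_word(list_size=LIST_SIZE):
    """Entropy contributed by one uniformly chosen word."""
    return math.log2(list_size)


def words_needed(target_bits, list_size=LIST_SIZE):
    """Smallest word count whose entropy is at least target_bits."""
    return math.ceil(target_bits / bits_per_word(list_size))


def rolls_to_index(rolls):
    """Map dice rolls such as [1, 6, 3, 4, 2] to a 0-based word list index."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need five rolls, each 1-6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)   # treat the rolls as a base-6 number
    return index


def generate(wordlist, n_words):
    """Pick n_words using the OS CSPRNG in place of physical dice."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7776 entries")
    words = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(DICE_PER_WORD)]
        words.append(wordlist[rolls_to_index(rolls)])
    return " ".join(words)


if __name__ == "__main__":
    # Constructed placeholder list; substitute the real Diceware list.
    demo_list = [f"word{i:04d}" for i in range(LIST_SIZE)]
    for key_bits in (128, 256):       # assumed target key sizes
        n = words_needed(key_bits)
        print(key_bits, n, round(n * bits_per_word(), 1), generate(demo_list, n))
```

Each word adds about 12.9 bits, so words beyond the count printed for a given key size add nothing against an attacker who can instead search the key space directly.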


