Summary: Windows GUI recommendation for USB disk

Robert J. Hansen rjh at sixdemonbag.org
Fri Nov 3 16:40:21 CET 2006


Ryan Malayter wrote:
> When encrypting to a *.7z file, 7-zip uses AES-256 in CBC mode, with
> a passphrase-to-key function based on SHA-256. This is actually
> stronger than most cipher preferences on OpenPGP keys.

This may be just my own personal quirk, but it seems misleading to me to
describe AES256 as "stronger" than, say, AES128.  The threshold just to
break AES128 is so immense that it may as well be a brick wall;
describing AES256 as "stronger" just means the brick wall is, well,
still a brick wall.  Once you reach a certain threshold point as far as
resistance to brute-force attacks, to really make something "stronger"
requires introducing resistance to other kinds of attacks.

E.g., I'd say that an 3DES hardware token guarded by a fireteam of armed
Marines is far stronger than an AES256 key stored on a PC running
unpatched Windows 95 on an always-on unfirewalled Internet connection,
despite the fact the AES256 key has about 144 bits more keyspace.

Let's just describe 7zip as using strong crypto, and leave it at that.  :)




More information about the Gnupg-users mailing list