good practices when using gpg --symmetric?
David Shaw
dshaw at jabberwocky.com
Tue Aug 5 14:37:03 CEST 2008
On Aug 4, 2008, at 10:51 PM, julio baltazar wrote:
> Dear all
>
> Every few months I use GPG to encrypt a bunch of files which I keep
> as a backup on other people's computers yet wish to keep private.
> From reading the GPG manual, I understand that using GPG the single
> most important consideration is a good passphrase.
>
> But I have also been thinking how the following factors affect the
> security of my files:
>
> - number and size of files: is there a difference (security-wise)
> between encrypting 10,000 small files or encrypting a single, larger
> archive containing all of them?

No significant difference. There is a minor difference in practice in
that multiple small files allow you to use a different passphrase on
each, but remembering 10,000 passphrases is non-trivial in itself.

> - file formats: should I be concerned about an attacker knowing
> which format a particular file is in? Files in a certain format
> typically have a magic number in the beginning or have other
> predefined content.

Good crypto systems can give the attacker a known file format and are
still secure.

> Are there any other issues one should keep in mind to safely use gpg
> in --symmetric mode?

Not really, but I wonder why you're using --symmetric rather than the
regular public-key mode. There is no significant difference in
security, but it might be more convenient for you if you have many
files.

David