Duplicity

Sven Radde email at sven-radde.de
Tue May 6 10:13:39 CEST 2008


Hello all,

Following, in a way, the discussion about "How long should a passphrase 
be?", I am currently trying to come up with a sensible backup scheme 
using duplicity.
Duplicity creates full and incremental backups of local files, encrypts 
them using GnuPG and moves them to a (remote) location. By default, it 
uses symmetric encryption but it can be set to encrypt to a public key. 
When using public keys, it can also sign the backups (but, due to a 
current bug, verification errors are not reported...).

My question now is, should I simply use passphrase-based encryption or 
should I go towards public key signing and encrypting. The problem with 
public key is that the secret key must be backed up itself and I do not 
have that many secure locations available where I could store backups 
(secure in the sense of "unlikely to burn down at the same time my house 
does" - not "hard for a stranger to access"). Therefore, any backup of 
the secret key would have to be placed next to the files encrypted with 
that key and having to give my secret key (even a dedicated one) away 
does not create a good feeling.
So, an attacker would get a) passphrase-encrypted files some Gigabytes 
in size or b) sessionkey-encrypted files some Gigabytes in size and a 
passphrase-encrypted secret key. Which approach is more prudent 
security-wise? To me it looks like it is advantageous that in case b), 
the passphrase is only used to encrypt a relatively small bit of data, 
making analysis more difficult. Plus, I would get integrity-protection 
some time in the future (once the bug is fixed). Apart from this, given 
a long enough passphrase, both approaches should be equally secure, 
shouldn't they?
As a side question, speaking about integrity-protection, how does the 
MDC come into play here? Wouldn't that be enough protection anyway (as 
it is a special use-case)?

Thanks for some "second opinions" on this,
  Sven
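
The two layouts Sven contrasts, modelled in Python as an added example (this is not part of the message and does not use GnuPG or duplicity; the OpenPGP packet formats, S2K and MDC are replaced by stdlib stand-ins). Case (a) derives a key from the passphrase and encrypts the whole backup with it; case (b) encrypts the backup with a random session key and uses the passphrase only to protect that small key blob, which is then stored beside the backup, as in his description. The HMAC-SHA256 counter-mode keystream and PBKDF2 parameters are educational choices, not anything GnuPG does; the authentication tag plays the role of the MDC in that a wrong passphrase or a modified blob is rejected rather than silently producing garbage. `rewrap_key` shows the operational consequence of layout (b): the passphrase can be changed by rewriting a few dozen bytes without re-encrypting the gigabytes.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Model parameters (constructed for this example; GnuPG uses its own S2K scheme).
KDF_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch a passphrase into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and authentication keys derived from one master key."""
    return (hmac.new(key, b"encrypt", hashlib.sha256).digest(),
            hmac.new(key, b"authenticate", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the tag gives the integrity protection the MDC provides in OpenPGP."""
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _subkeys(key)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or modified data raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


# Case (a): the passphrase-derived key encrypts the entire backup.
def backup_symmetric(passphrase: str, data: bytes) -> bytes:
    salt = secrets.token_bytes(SALT_LEN)
    return salt + seal(derive_key(passphrase, salt), data)


def restore_symmetric(passphrase: str, blob: bytes) -> bytes:
    salt, body = blob[:SALT_LEN], blob[SALT_LEN:]
    return unseal(derive_key(passphrase, salt), body)


# Case (b): a random session key encrypts the backup; the passphrase protects only
# the small wrapped-key blob, which is stored next to the backup.
def backup_hybrid(passphrase: str, data: bytes) -> Tuple[bytes, bytes]:
    session_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(SALT_LEN)
    wrapped_key = salt + seal(derive_key(passphrase, salt), session_key)
    return wrapped_key, seal(session_key, data)


def unwrap_key(passphrase: str, wrapped_key: bytes) -> bytes:
    salt, body = wrapped_key[:SALT_LEN], wrapped_key[SALT_LEN:]
    return unseal(derive_key(passphrase, salt), body)


def restore_hybrid(passphrase: str, wrapped_key: bytes, backup: bytes) -> bytes:
    return unseal(unwrap_key(passphrase, wrapped_key), backup)


def rewrap_key(old_passphrase: str, new_passphrase: str, wrapped_key: bytes) -> bytes:
    """Change the passphrase by rewriting only the key blob; the backup itself is untouched."""
    session_key = unwrap_key(old_passphrase, wrapped_key)
    salt = secrets.token_bytes(SALT_LEN)
    return salt + seal(derive_key(new_passphrase, salt), session_key)


if __name__ == "__main__":
    data = b"constructed sample backup contents\n" * 1000  # stands in for the multi-gigabyte archive
    wrapped, archive = backup_hybrid("correct horse", data)
    print("passphrase-protected blob:", len(wrapped), "bytes; backup:", len(archive), "bytes")
    assert restore_hybrid("correct horse", wrapped, archive) == data
    rewrapped = rewrap_key("correct horse", "battery staple", wrapped)
    assert restore_hybrid("battery staple", rewrapped, archive) == data
    print("passphrase changed without rewriting the backup")
```

The sizes printed by the demo make the structural difference concrete: the blob that a passphrase guess is tested against in case (b) is a fixed 96 bytes regardless of how large the backup grows, whereas in case (a) the passphrase-derived key is tied to the whole archive and changing it means re-encrypting everything.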


