future proof file encryption

Sven Radde email at sven-radde.de
Fri Feb 27 14:55:39 CET 2009


Robert J. Hansen wrote:
> GnuPG conforms to the OpenPGP standard for cryptography.  That means
> there are ... what ... 14 or so compatible implementations.  You don't
> have to rely on GnuPG; there are a lot of other options out there.  This
> is very good for purposes of long-term storage.
It is probably one of the best choices for the purpose; however, in
general, long-term archival and encryption don't go together nicely.
Neither does compression or similar. Many algorithms or encryption modes
are rather 'sensitive' to single bit-errors, lost bits and the like.
Imagine the session-key part of an OpenPGP message being destroyed.
Commonly, this will be far less than 1% of the actual data, but even
with 99% intact, you won't have a chance of recovering *anything* from it.
When using encrypted backups, 100% data integrity plays a much greater
role than when just storing unencrypted data.

With a directory full of .bmp files, you have a fair chance not to
notice a bit flip at all or you might notice a single out-of-color pixel.
With a directory of .jpgs, you might notice a corrupted 8x8 pixel block
or, worst case, have one unusable image.
With a single images.zip.gpg file, a bit flip may mean that the whole
archive is unreadable (which is the worst case... no idea what an
average case might look like).

cu, Sven
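
An added illustration of the comparison above (not part of the original message): the same single-bit error applied to plain data, to a zlib stream, and to the wrapped session key of a hybrid-encrypted blob. The sample records, the function names and the SHA-256 counter keystream are assumptions made for this sketch; the toy cipher only mirrors the "wrapped session key, then body" layout and is not an OpenPGP implementation.

```python
import hashlib
import zlib

def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with one bit inverted (simulated media error)."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def toy_stream(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in, NOT an OpenPGP cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(kek: bytes, session_key: bytes, plaintext: bytes) -> bytes:
    """Hybrid layout: 32-byte wrapped session key, then the encrypted body."""
    return toy_stream(kek, session_key) + toy_stream(session_key, plaintext)

def unseal(kek: bytes, blob: bytes) -> bytes:
    session_key = toy_stream(kek, blob[:32])
    return toy_stream(session_key, blob[32:])

def intact(original: bytes, recovered: bytes) -> int:
    """Count byte positions that survived unchanged."""
    return sum(a == b for a, b in zip(original, recovered))

def experiment() -> dict:
    # Constructed sample data: 200 short text records, 18 bytes each.
    data = b"".join(
        b"%04d %s\n" % (i, hashlib.sha256(b"%d" % i).hexdigest()[:12].encode())
        for i in range(200))
    result = {"size": len(data)}
    # 1. Plain storage: one flipped bit damages exactly one byte.
    result["raw"] = intact(data, flip_bit(data, 8 * 1000))
    # 2. Compressed: the same kind of flip in the middle of the zlib stream.
    packed = zlib.compress(data)
    try:
        result["zlib"] = intact(data, zlib.decompress(flip_bit(packed, 4 * len(packed))))
    except zlib.error:
        result["zlib"] = 0  # zlib.decompress() rejects the stream, nothing returned
    # 3. Encrypted: flip one bit inside the 32-byte wrapped session key.
    kek = hashlib.sha256(b"constructed passphrase").digest()
    blob = seal(kek, hashlib.sha256(b"constructed session key").digest(), data)
    result["header_hit"] = intact(data, unseal(kek, flip_bit(blob, 5)))
    return result
if __name__ == "__main__": print(experiment())
```

The `header_hit` count is only the handful of bytes that match by chance; the damaged header is under 1% of the blob, yet the body decrypts to noise.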
