future proof file encryption
Christopher J. Walters
cwal989 at comcast.net
Fri Feb 27 23:26:29 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Sven Radde wrote:
> It is probably one of the best choices for the purpose, however, in
> general, long-term archival and encryption don't go together nicely.
> Neither does compression or similar. Many algorithms or encryption modes
> are rather 'sensitive' to single bit-errors, lost bits and the like.
> Imagine the session-key part of an OpenPGP message be destroyed.
> Commonly, this will be far less than 1% of the actual data, but even
> with 99% intact, you won't have a chance of recovering *anything* from it.
> When using encrypted backups, 100% data integrity plays a much greater
> role than when just storing unencrypted data.
> With a directory full of .bmp files, you have a fair chance not to
> notice a bit flip at all or you might notice a single out-of-color pixel.
> With a directory of .jpgs, you might notice a corrupted 8x8 pixels block
> or, worst case, have one unusable image.
> With a single images.zip.gpg file, a bit flip may mean that the whole
> archive is unreadable (which is the worst case... no idea what an
> average case might look like).
> cu, Sven
I agree with you, especially with cryptography, but with compression, as well.
I am assuming that you are talking about filesystem errors and the degradation
of data on magnetic media. This can mess a person up with image files -
especially compressed formats like JPEG and PNG, even without encryption added
to the mix.
That's why it would be a good idea, in my opinion, to use a public key pair,
and a weaker cipher than AES to encrypt data like family photos. I would also
hash every file using a good hash algorithm, like SHA2, RIPEMD160, etc.
Additionally, I would keep at least 3 copies on HDD media, and replace your HDD
every 2 years or so, and copy everything to the new one (after testing it for
bad blocks, etc.), as well as storing it on optical media. A good backup
schedule is essential for all data. One last thing, I would recommend against
compressing the image files into .ZIP, or other archives - for JPG and PNG
files, they are already compressed and compression will likely only make them
larger. For BMP files, I would suggest compressing each one separately with a
RAR format, with a recovery record. If you use GnuPG, it will compress by
default and with the key pair suggestion, you can encrypt+sign each one
separately, so at most, you'll lose one or two files, rather than all of them.
Personally, I'd just keep them on removable media (like ZipDisks, CD/DVD+-R,
USB port hard disk drives, etc.), and view them from there. It is not like
we're talking about information vital to national security, here... I only
encrypt things I absolutely don't want others to see (personal financial,
medical, etc. information).
As for your worst case, you can end up with a file you cannot decrypt, if the
first part of the encrypted file is destroyed. If the error is in the data
packet, most of the time, it will be detected, especially so if you sign it
with a your secret key. In that case, the normal or average case will be that
you'll either lose one or more files, or they will be corrupted - possibly
still readable. You would have to run some form of zipfix on the archive to
read it, though.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users