future proof file encryption

Robert J. Hansen rjh at sixdemonbag.org
Fri Feb 27 23:56:53 CET 2009


Christopher J. Walters wrote:
> That's why it would be a good idea, in my opinion, to use a public
> key pair, and a weaker cipher than AES to encrypt data like family
> photos.

I cannot for the life of me see what's leading you to give this counsel.
Would you care to share your reasoning?

> I would also hash every file using a good hash algorithm, like SHA2,
> RIPEMD160, etc.

Why?  A good archiver will keep a running CRC, allowing you to identify
which files are good and/or bad.  Fuzzy hashing will potentially narrow
it down to a few bytes within the file, making it possible for a good
archivist to recover/restore most of the damaged area.

> Additionally, I would keep at least 3 copies on HDD media, and
> replace your HDD every 2 years or so, and copy everything to the new
> one (after testing it for bad blocks, etc.), as well as storing it on
> optical media.

Needless overkill for most purposes.  The lifespan of HD media is
surprisingly long: you can fairly easily recover data off a 30-year-old
hard drive.  You might have trouble finding an MFM or RLL bus, but once
you find it you're in pretty good shape -- especially if basic archival
protections were taken.

(For instance, don't vacuum-seal hard drives.  Put them in heavy-duty
antistatic bags, purge with very dry nitrogen, and seal them up.  You
could now store the hard drive underwater for years and still expect it
to work when you hooked it up.  Imagine how much better it will work
kept in a safe deposit box.)

Optical media can also be high reliability.  I'm not sure I'd trust a CD
that had been sitting on my dashboard for six weeks, but a CD stored in
a lightproof envelope kept in a dry nitrogen environment will be good
for decades.

> One last thing, I would recommend against compressing the image files
> into .ZIP, or other archives - for JPG and PNG files, they are
> already compressed and compression will likely only make them larger.

Yes, no -- it certainly can't hurt them.  Also, image formats are
usually about ten years in the past -- it's the nature of the beast, the
image industry wants very stable formats -- which means they're also
generally behind the curve on compression.  Compare this to compression
software, which is getting better by the day.
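
An added example, not part of the original post: the reply above says a running CRC identifies which files are bad and that finer-grained hashing narrows damage to a region. This sketch uses fixed-size blocks with CRC32, a simpler stand-in for fuzzy hashing, to report the damaged byte ranges of a copy; the block size, function names and sample data are assumptions made for the illustration.

```python
import zlib

BLOCK_SIZE = 4096  # assumed block size; smaller blocks localize damage more tightly


def build_manifest(data: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Record a whole-file CRC plus one CRC32 per fixed-size block."""
    blocks = [zlib.crc32(data[i:i + block_size])
              for i in range(0, len(data), block_size)]
    return {"size": len(data), "block_size": block_size,
            "file_crc": zlib.crc32(data), "blocks": blocks}


def find_damage(data: bytes, manifest: dict) -> list:
    """Return (start, end) byte ranges whose CRC no longer matches the manifest.
    Adjacent bad blocks are merged; extra trailing bytes are reported as a range."""
    bs = manifest["block_size"]
    bad = []
    for idx, expected in enumerate(manifest["blocks"]):
        start = idx * bs
        end = min(start + bs, manifest["size"])
        chunk = data[start:end]
        # A short chunk means the copy was truncated inside or before this block.
        if len(chunk) != end - start or zlib.crc32(chunk) != expected:
            if bad and bad[-1][1] == start:
                bad[-1] = (bad[-1][0], end)
            else:
                bad.append((start, end))
    if len(data) > manifest["size"]:
        bad.append((manifest["size"], len(data)))
    return bad


def make_sample(n_blocks: int = 8) -> bytes:
    """Constructed sample 'archive member': deterministic filler bytes."""
    return b"".join(bytes([(i * 7 + j) % 256 for j in range(BLOCK_SIZE)])
                    for i in range(n_blocks))


if __name__ == "__main__":
    original = make_sample()
    manifest = build_manifest(original)       # stored alongside the archive
    damaged = bytearray(original)
    damaged[5000] ^= 0xFF                     # simulated bit rot in block 1
    damaged[20000:20004] = b"\x00" * 4        # simulated bad sector in block 4
    print("file CRC matches:", zlib.crc32(bytes(damaged)) == manifest["file_crc"])
    print("damaged ranges:", find_damage(bytes(damaged), manifest))
```

CRC32 detects accidental corruption only; it gives no protection against deliberate modification of the file.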




More information about the Gnupg-users mailing list