Is it safe to put an encrypted file on a public web server

David Shaw dshaw at jabberwocky.com
Wed Nov 11 15:01:09 CET 2009 

On Nov 11, 2009, at 7:13 AM, Morten Kjærulff wrote:

> Hi,
>
> I am new here, so sorry if I ask stupid questions.
>
> I would like to use my unused storage on various web servers for
> backup of my personal data, including the file with all my passwords.
>
> Q1) Assume that I make a good passphrase, would it then be safe to
> encrypt my backup with "gpg --symmetric ...", and put the backup where
> anyone can get it?

Yes, it is safe, but keep in mind that this rests the complete  
protection of the data on the passphrase (i.e. it had better be a good  
one, since an attacker can download your encrypted backup and spend  
all the time they like trying to find the passphrase).  Generally,  
people don't put their encrypted files in a public place.  This aids  
in protecting the data since if the attacker can't get the file at  
all, they can't even try to attack the passphrase.  It's a defense in  
depth.

So basically safe, but perhaps inadvisable.

> man page for --symmetric say: "... The  default symmetric  cipher
> used  is  CAST5,  but  may be chosen with the --cipher-algo option.
> ...". "gpg --version" says:
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
> Q2) Why would I use another cipher?

Personal taste, local business or other policy, legal requirements  
(some industries in some countries have to use particular ciphers), etc.

> Q3) Are some ciphers stronger than others? If so, which is the best
> for my purpose? (is it purpose dependent which is best?)

Yes, some are stronger than others, but it's hard to say which is best  
without knowing exactly what you want.  For example, 3DES is the  
oldest (and by far the slowest) cipher in GPG's list, but if you want  
the cipher that has withstood attack for the longest period of time,  
that's your choice.  If you want the one that has had the most recent  
study, that's probably AES.  If you want to be compatible with really  
old versions of PGP (not GPG), you want IDEA (not in your list  
above).  And so on.

AES256 is probably the best all-round choice in GPG if you want to  
just say "strongest" and leave it at that (it is also the default  
cipher for new keys), but note that unless your situation is unusual,  
any of the ciphers in GPG is likely stronger than they need to be.

David

More information about the Gnupg-users mailing list