Is it safe to put an encrypted file on a public web server

Dion Moult dion at thinkmoult.com
Wed Nov 11 17:00:47 CET 2009


Hello,

I would recommend putting it below the document root of the webserver for 
added security - you really don't want crawlers easily discovering it.

On Wednesday 11 November 2009 20:13:33 Morten Kjærulff wrote:
> Hi,
> 
> I am new here, so sorry if I ask stupid questions.
> 
> I would like to use my unused storage on various web servers for
> backup of my personal data, including the file with all my passwords.
> 
> Q1) Assume that I make a good passphrase, would it then be safe to
> encrypt my backup with "gpg --symmetric ...", and put the backup where
> anyone can get it?
> 
> man page for --symmetric say: "... The  default symmetric  cipher
> used  is  CAST5,  but  may be chosen with the --cipher-algo option.
> ...". "gpg --version" says:
> 
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 
> Q2) Why would I use another cipher?
> 
> Q3) Are some ciphers stronger than others? If so, which is the best
> for my purpose? (is it purpose dependent which is best?)
> 
> Cheers,
> Morten
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

-- 
Dion Moult :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20091112/cc950de6/attachment.pgp>


More information about the Gnupg-users mailing list