Why sign as well as encrypt files stored on untrusted drives?
Chris Poole
lists at chrispoole.com
Thu Jul 14 11:48:10 CEST 2011
On Thu, Jul 14, 2011 at 4:58 AM, Jerome Baum <jerome at jeromebaum.com> wrote:
> On the manifest file, if you're hashing the encrypted files then it's
> really useless (the attacker can just re-hash and re-encrypt for the
> manifest file).
Yes, Duplicity uses these message digests only as a checksum, to make
sure corruption didn't occur during network transfer (i.e., nothing
cryptographic).
Thanks for the help. I'm just going to get used to entering my
passphrase a little more!
Cheers
Chris Poole
[PGP BAD246F9]
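The distinction drawn in this message, as an added example that is not part of the original post or of Duplicity's code: an unkeyed digest manifest catches transfer corruption, but it cannot catch a manifest regenerated on the drive, while a keyed one can. HMAC-SHA256 stands in here for the OpenPGP signature the thread discusses; the file names, contents and key are constructed.

```python
import hashlib
import hmac


def plain_manifest(files):
    """Unkeyed SHA-256 digests: a checksum anyone with write access can recompute."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def keyed_manifest(files, key):
    """HMAC-SHA256 digests: recomputing them requires the secret key."""
    return {name: hmac.new(key, data, hashlib.sha256).hexdigest()
            for name, data in files.items()}


def _matches(files, manifest, digest):
    # Same set of names, and every digest equal (constant-time comparison).
    return sorted(files) == sorted(manifest) and all(
        hmac.compare_digest(digest(files[n]), manifest[n]) for n in files)


def verify_plain(files, manifest):
    return _matches(files, manifest, lambda d: hashlib.sha256(d).hexdigest())


def verify_keyed(files, manifest, key):
    return _matches(files, manifest,
                    lambda d: hmac.new(key, d, hashlib.sha256).hexdigest())


def scenario():
    key = b"constructed-demo-key"  # constructed; never stored on the untrusted drive
    stored = {"vol1.gpg": b"ciphertext-A", "vol2.gpg": b"ciphertext-B"}  # constructed
    plain, keyed = plain_manifest(stored), keyed_manifest(stored, key)

    # Case 1: bytes damaged in transfer, manifests untouched. Both checks fail.
    corrupted = {**stored, "vol2.gpg": b"ciphertext-X"}
    case1 = (verify_plain(corrupted, plain), verify_keyed(corrupted, keyed, key))

    # Case 2: a file is replaced and the manifest is regenerated on the drive
    # by a party that does not hold the key. Only the keyed check notices.
    replaced = {**stored, "vol2.gpg": b"older-ciphertext-B"}
    case2 = (verify_plain(replaced, plain_manifest(replaced)),
             verify_keyed(replaced, keyed_manifest(replaced, b"not-the-key"), key))
    return case1, case2


if __name__ == "__main__":
    print(scenario())
```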