symmetric vs. asymmetric in group use

Peter Lebbing peter at
Tue Aug 28 14:21:29 CEST 2012

On 28/08/12 08:37, peter.segment at wrote:
> break: RNG, asymmetric and symmetric cipher, while the symmetric
> has only one: symmetric cipher.

When using OpenPGP, add RNG back to the list: the passphrase is only used to
encrypt the randomly generated session key that encrypts the data.

And in all cases, add some form of resisting tampering, i.e., a hash.

Furthermore, if you're going to reject hybrid crypto as used in OpenPGP as too
fragile, you might be better off migrating to a different planet :). Apparently
you have such capable adversaries in your threat model that living on our planet
might be a tad too dangerous for you :).


PS: Let's not argue based on that last statement, it was well tongue-in-cheek
with just a kernel of truth.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

More information about the Gnupg-users mailing list