symmetric vs. asymmetric in group use
Peter Lebbing
peter at digitalbrains.com
Tue Aug 28 14:21:29 CEST 2012
On 28/08/12 08:37, peter.segment at wronghead.com wrote:
> break: RNG, asymmetric and symmetric cipher, while the symmetric
> has only one: symmetric cipher.
When using OpenPGP, add RNG back to the list: the passphrase is only used to
encrypt the randomly generated session key that encrypts the data.
And in all cases, add some form of resisting tampering, i.e., a hash.
Furthermore, if you're going to reject hybrid crypto as used in OpenPGP as too
fragile, you might be better off migrating to a different planet :). Apparently
you have such capable adversaries in your threat model that living on our planet
might be a tad too dangerous for you :).
Peter.
PS: Let's not argue based on that last statement, it was well tongue-in-cheek
with just a kernel of truth.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
More information about the Gnupg-users
mailing list