Is it safe to rename file.gpg to `md5sum file`?

sben1783 sben1783 at
Tue Dec 4 21:03:51 CET 2012

 On Tue, 4 Dec 2012 14:40:22 +0200, "yyy" <yyy at> wrote:
>> There isn't enough entropy in a filename for an MD5 checksum to give
>> much in the way of secrecy.
> It seems that MD5 checksum is computed from file contents, not name.

 Yes, I meant to use the MD5 checksum of the original file, not its
 original name. I'm still interested whether this would be "insecure"?

 I found a discussion on this list in 2011, where user atom wrote:

> just make sure you're hashing the file-NAME, not it's contents.
> of course, if you don't lose your db, then there's nothing wrong
> with hashing the contents, or even a counter or random string. 
> hashing
> the file-NAME is just an idea that makes recovery of the db possible 
> if
> you know the format and range of the file-names (and any secret that
> may be used). the real trick is to just do something secure and
> consistent... sha1 does the job.


 He states it's not a problem to hash the files contents, but it seems
 to be thought of no different than "counter and random string" - this
 are completely different things IMHO.

 And, by the way, how could the hash of a filename be used to 
 the filename (as atom says "... makes recovery of the db possible ...")
 There is no such thing as inverse-md5sum, is there? You'd still need
 "brute force" to find the original name?


More information about the Gnupg-users mailing list