Is it safe to rename file.gpg to `md5sum file`?

Max Parmer maxp at pdx.edu
Wed Dec 5 18:59:20 CET 2012


On Tue, Dec 4, 2012 at 12:03 PM, sben1783 <sben1783 at yahoo.de> wrote:

> On Tue, 4 Dec 2012 14:40:22 +0200, "yyy" <yyy at yyy.id.lv> wrote:
>
>>> There isn't enough entropy in a filename for an MD5 checksum to give
>>> much in the way of secrecy.
>>>
>> It seems that MD5 checksum is computed from file contents, not name.
>>
>
> Yes, I meant to use the MD5 checksum of the original file, not its
> original name. I'm still interested whether this would be "insecure"?
>

If by insecure you mean, "could lead to exposing the contents of the file"
or "could reveal my passphrase" that would depend (in part) on the size and
contents of the file (i.e. very short files would be less time consuming to
brute force, files with very regular formats would be quicker to brute
force, etc.) and the symmetric cipher used.

Revealing the plaintext of some files could be fairly significant, as the
default symmetric cipher for GPG is CAST-128, which is potentially subject
to key recovery via a chosen plaintext attack. AES doesn't have any
presently known vulnerability of that sort.

If you just need a unique key to refer to the file, you're already storing
the source path in the "summary" file your tool generates. If you just need
a guaranteed unique identifier for each file (because, say, you're storing
them all flatly in a single directory), I would just hash the path (which
is apparently not sensitive data, as you seem to be storing it in plaintext
in the summary file) as it's guaranteed to be unique per-system.

If you just need file integrity checking, the algorithm more-or-less takes
care of that.

I wouldn't use the md5 hash of the file's contents, if the contents are
sensitive.


> I found a discussion on this list in 2011, where user atom wrote:
>
>> just make sure you're hashing the file-NAME, not its contents.
>> of course, if you don't lose your db, then there's nothing wrong
>> with hashing the contents, or even a counter or random string. hashing
>> the file-NAME is just an idea that makes recovery of the db possible if
>> you know the format and range of the file-names (and any secret that
>> may be used). the real trick is to just do something secure and
>> consistent... sha1 does the job.
>>
>
> (http://www.mail-archive.com/gnupg-users@gnupg.org/msg15110.html)
>
> He states it's not a problem to hash the files contents, but it seems
> to be thought of no different than "counter and random string" - these
> are completely different things IMHO.
>
> And, by the way, how could the hash of a filename be used to reconstruct
> the filename (as atom says "... makes recovery of the db possible ...")
> There is no such thing as inverse-md5sum, is there? You'd still need
> "brute force" to find the original name?
>
> Thanks
> Ben



-- 
Max Parmer
5D99 D929 93FE EE79 1645  D77A D771 E875 20CB D918
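
Added example (not from the original thread or from the poster's tool): the naming schemes discussed above side by side, showing how a lost name-to-path index is rebuilt by re-hashing candidate paths, and why a name derived from the contents lets a guessed plaintext be confirmed. The function names, sample paths, sample contents and the HMAC-SHA256 keyed variant are assumptions made for illustration.

```python
import hashlib
import hmac

def name_from_contents(data: bytes) -> str:
    # Scheme asked about in the thread: name = MD5 of the plaintext contents.
    return hashlib.md5(data).hexdigest() + ".gpg"

def name_from_path(path: str) -> str:
    # Scheme suggested in the reply: name = hash of the (non-sensitive) path.
    return hashlib.sha1(path.encode("utf-8")).hexdigest() + ".gpg"

def name_from_path_keyed(path: str, secret: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for atom's "any secret that may be used".
    return hmac.new(secret, path.encode("utf-8"), hashlib.sha256).hexdigest() + ".gpg"

def rebuild_index(stored_names, candidate_paths, namer):
    # Lost-db recovery: no inverse hash exists, so re-hash every path the
    # known naming format allows and match against the names on disk.
    lookup = {namer(p): p for p in candidate_paths}
    return {name: lookup.get(name) for name in stored_names}

def confirm_contents(stored_name, guesses):
    # The same matching works on contents: a content-derived name lets anyone
    # holding a candidate plaintext check it without touching the ciphertext.
    for guess in guesses:
        if name_from_contents(guess) == stored_name:
            return guess
    return None

if __name__ == "__main__":
    # Constructed sample data: twelve monthly reports, three of them archived.
    paths = [f"/home/user/docs/report-2012-{m:02d}.txt" for m in range(1, 13)]
    on_disk = [name_from_path(p) for p in paths[:3]]
    print(rebuild_index(on_disk, paths, name_from_path))

    # With a secret, the path list alone no longer maps names back to paths.
    secret = b"constructed-example-secret"
    keyed = [name_from_path_keyed(p, secret) for p in paths[:3]]
    print(rebuild_index(keyed, paths, name_from_path))

    # Constructed low-entropy file: its name confirms which guess is right.
    name = name_from_contents(b"approved: yes\n")
    print(confirm_contents(name, [b"approved: no\n", b"approved: yes\n"]))
```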