KeePass or any other password wallet to store and transport keys
antispam06 at sent.at
Mon Jul 23 01:22:59 CEST 2012
On Sun, Jul 22, 2012, at 16:52, Robert J. Hansen wrote:
> On 7/22/2012 12:12 PM, Faramir wrote:
> > If your secret key is password protected, placing it inside a keepass
> > file would add a second (maybe unneeded) layer of protection, and you
> > can choose a different encryption algorithm than GnuPG uses, so if one
> > algo gets broken, the other would hold.
>
> Not necessarily. This idea of 'stacking algorithms improves strength'
> is tempting, but it can just as easily reduce strength or do nothing.
>
> Imagine you have a simple substitution cipher, where each letter gets
> moved up three positions in the alphabet (ROT3). Then, in order to make
> this 'stronger', you re-encrypt it using ROT5. You're not producing
> 'two levels' of encryption which have to be broken individually, you're
> producing a single ROT8 encryption and fooling yourself about the level
> of security you actually have.
Interesting. But I meant in my original unclear post something along the
change of encryption. Moving keys off the keychain into armored text
strings pushed as comments into empty or bogus entries into a password
vault.
> Cryptography is a subtle art, and algorithms interact with each other in
> deeply surprising and counterintuitive ways. Before advocating that
> algorithms be composed together to achieve certain results, it's good to
> make sure that these compositions are cryptanalytically sound. :)
Very interesting. So having a keepass database or a gpg keychain on a
Truecrypt drive might make them both more vulnerable?
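
The ROT3-then-ROT5 illustration quoted above, worked through as an added example that is not part of the original message. The function names and the sample plaintext are constructed for illustration; the sketch also shows the case where stacking removes protection entirely (ROT13 applied twice).

```python
import string

ALPHABET = string.ascii_uppercase


def rot(text, n):
    """Shift each A-Z letter n positions; other characters pass through."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + n) % 26])
        else:
            out.append(ch)
    return "".join(out)


def stack(text, shifts):
    """Apply several rotation 'layers' one after another."""
    for n in shifts:
        text = rot(text, n)
    return text


def effective_shift(shifts):
    """Rotations compose by addition mod 26, so any stack is one rotation."""
    return sum(shifts) % 26


def candidate_decryptions(ciphertext):
    """The full key space an analyst has to consider: 26 shifts,
    no matter how many layers produced the ciphertext."""
    return {k: rot(ciphertext, -k) for k in range(26)}


PLAINTEXT = "SECRET KEY BACKUP"  # constructed sample input

if __name__ == "__main__":
    double = stack(PLAINTEXT, [3, 5])
    print("ROT3 then ROT5 :", double)
    print("single ROT8    :", rot(PLAINTEXT, 8))
    print("effective shift:", effective_shift([3, 5]))
    # Stacking can also cancel out: two ROT13 layers leave the text in the clear.
    print("ROT13 twice    :", stack(PLAINTEXT, [13, 13]))
    # One pass over 26 candidates recovers the text despite the two 'layers'.
    print("recovered      :", candidate_decryptions(double)[8])
```

The collapse happens because rotations are closed under composition; whether two real ciphers interact in any comparable way is a separate question that this toy does not answer.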