KeePass or any other password wallet to store and transport keys

Faramir faramir.cl at gmail.com
Wed Jul 25 04:21:36 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 22-07-2012 16:52, Robert J. Hansen escribió:
> On 7/22/2012 12:12 PM, Faramir wrote:
>> If your secret key is password protected, placing it inside a
>> keepass file would add a second (maybe unneeded) layer of
>> protection, and you can chose a different encryption algorithm
>> than GnuPG uses, so if one algo gets broken, the other would
>> hold.
> 
> Not necessarily.  This idea of 'stacking algorithms improves
> strength' is tempting, but it can just as easily reduce strength or
> do nothing.

  Clearly I'm out of my league there. I had heard about that, but
later I also heard about stacking different algos (with different keys
of course) to increase security.

> Cryptography is a subtle art, and algorithms interact with each
> other in deeply surprising and counterintuitive ways.  Before
> advocating that algorithms be composed together to achieve certain
> results, it's good to make sure that these compositions are
> cryptanalytically sound.  :)

  Indeed. But, AFAIK (and I can be wrong), private keys are stored
individually encrypted (lets assume the use encrypts them all) inside
the private keyring. Each one can have a different passphrase. Then
you take that keyring and encrypt it using... lets say, Twofish algo,
with a different passphrase. In that case, you would be encrypting a
different file, not the individual private key, so it might be at
least equivalent to using salt to make the file change.

  Anyway, do you know about any list of "compatible" encryption
algorithms? I mean, pairs that work well together.

  Best Regards

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJQD1gwAAoJEMV4f6PvczxA2AcH/jyAJrSpwCK838pg0j3omJ7H
zVZElXU4zh8r8PNCaO4SsRdkyNRWmvlzN5/nMkbl80RFzEgiWN/IZEcnPxtbkiMV
2XoIyoF3rYGnLj/SvSUsyMBudo5UJDl0iBUu2e6UEfLQEKPiF/C7usjCq/y+n0Yc
J/7q9ZoW8WY4Sehvmk9xVPi4WmEKx4Z4it6UAW2oDH9BUmbL565nGalRQVHve0qC
9c9siNkvj73HgkHgHCRDt+PKzcJe7U/nJYPLslgc0Rki/siytvQlHUpqGgWxuJQF
ykOyWGUIM2shHiCWUCNUKSDvkaUwb+1/+Jgsn8P6kemQpSzrYBLEF0b1oZNNF3o=
=zpYk
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list