GPG2 encryption options

Peter Lebbing peter at digitalbrains.com
Thu Oct 3 13:26:56 CEST 2013


On 03/10/13 06:46, mightymouse2045 wrote:
> Is this possible with gpg2? I like this because I can use random files taken
> from the 100,000's+ static non-changing files

100,000 tries for an attacker amounts to 17 bits of security. This is as little
as nothing at all.

> There are some files I don't like having to enter a passphrase for each time
> due to them being accessed very frequently

gpg-agent can remember passphrases for you. You could also look into using a
smartcard. With a conventional, on-disk key, the passphrase cryptographically
protects the secret key material, so it needs to be complicated to have enough
entropy. With a smartcard, you only use a PIN, say 8 digits. 8 numerical digits
is 27 bits of entropy, again nothing. But that's not a problem because the card
locks after 3 tries; the PIN is not used as a cryptographic key. Entering an 8
digit PIN is much less work than entering a good passphrase.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
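
The arithmetic behind the reply, as an added example that is not part of the original message: it contrasts a secret that can be guessed offline without limit (one keyfile picked from a pool of 100,000) with a PIN guarded by a retry counter (8 digits, 3 tries). The function names and the offline guess rate are assumptions made for illustration.

```python
import math

# Assumed rate for unthrottled offline guessing (illustrative only; the real
# rate depends on the key-derivation cost and the hardware involved).
ASSUMED_GUESSES_PER_SECOND = 1_000


def entropy_bits(keyspace: int) -> float:
    """Entropy in bits of a secret chosen uniformly from `keyspace` options."""
    return math.log2(keyspace)


def offline_exhaust_seconds(keyspace: int, rate: float) -> float:
    """Worst-case time to try every candidate when nothing limits guessing."""
    return keyspace / rate


def lockout_success_probability(keyspace: int, tries: int) -> float:
    """Chance of hitting a uniform secret before a retry counter locks."""
    return min(1.0, tries / keyspace)


def compare() -> dict:
    """Put the two figures from the message side by side."""
    keyfile_pool = 100_000   # one file chosen from 100,000 candidates
    pin_space = 10 ** 8      # 8 numerical digits
    return {
        "keyfile_bits": entropy_bits(keyfile_pool),
        "keyfile_offline_seconds": offline_exhaust_seconds(
            keyfile_pool, ASSUMED_GUESSES_PER_SECOND),
        "pin_bits": entropy_bits(pin_space),
        # The card locks after 3 tries, so the PIN never faces offline search.
        "pin_success_before_lock": lockout_success_probability(pin_space, 3),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3g}")
```

The low-entropy keyfile choice falls to exhaustive search in about 100 seconds at the assumed rate, while the similarly low-entropy PIN leaves a 3 in 100,000,000 chance of a correct guess because the card, not the entropy, bounds the number of tries.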


