Robert J. Hansen
rjh at sixdemonbag.org
Thu Oct 16 20:58:31 CEST 2014
> I have a program that will frequently need to store modest-size
> chunks of of data on disk, perhaps 1-4kB per chunk. The data is
> sensitive, but not ultra top secret. I would like to make a
> reasonable effort to keep it from prying eyes.
Please don't take this the wrong way, but -- please don't. Libgcrypt is
not particularly friendly to novices. It exposes a *lot* of dials and
switches in the interests of letting experts do weird and useful things.
Novices will be better-suited with something like Peter Gutmann's
cryptlib, which is high-quality and well-regarded and is probably more
> P.S. On my FreeBSD system, un-updated as it may be, there seems
> to be a crypt(3) in the standard C library.
I believe on FreeBSD this is just bog-standard DES, but I could be
mistaken. DES is not a strong cipher.
> Fortunately, I *do* have something that's a bit faster than A Pentium 166
> :-) but I'm still rather baffled by the meaning of the phrase "designed
> to be time-consuming" in this context.
To help foil brute-force attacks. crypt(3) is normally used with really
short pieces of text -- passwords. As such, one way to attack passwords
is to get a large dictionary of words and run each word through crypt(3)
and store the result. If you want to break a password, look at its
crypt(3)ed value and compare it to your database of computed values. If
you get a hit, then look back at what the original word was.
To foil these sorts of attacks ("dictionary attacks"), crypt(3) has been
built to be very, very slow.
More information about the Gnupg-users