AES-NI, symmetric key generation

Maricel Gregoraschko maricelgregoraschko at yahoo.com
Wed Mar 11 18:59:10 CET 2015 

Thanks Vedaal, yep that would be one mighty strong password!
      From: "vedaal at nym.hush.com" <vedaal at nym.hush.com>
 To: Maricel Gregoraschko <maricelgregoraschko at yahoo.com>; gnupg-users at gnupg.org 
 Sent: Tuesday, March 10, 2015 4:42 PM
 Subject: Re: AES-NI, symmetric key generation
   
On 3/10/2015 at 4:19 PM, "Maricel Gregoraschko" <maricelgregoraschko at yahoo.com> wrote:



>I agree, using key instead of passphrase doesn't enhance security 
>(assuming an attacker knows that the key was derived from a 
>passphrase and with what key derivation algorithm? I assume the 
>randomness/entropy of the key itself is high enough regardless of 
>the passphrase strength?). The reason I was asking if it's a 
>possibility to store the symmetric key to decrypt with later, was 
>to protect against future changes in the key derivation algorithm, 
>that would make gpg generate a different key for the same 
>passphrase, useless to decrypt previously encrypted data.Thank you 
>for your support.

-----

If you don't want to keep your passsphrase, and want only to keep the session key,
and you want this to have no weakness because of a questionably strong enough password that was used to generate the key,
then there is an easy way to do what you want:

[1] Encrypt a test message to any of your own keys.

[2] Decrypt this test message, with the option of --show-session-key

[3] Use this session key as the 64 character password for your symmetric encryption, (and save it, or you won't be able to decrypt the symmetric message).

[4] Decrypt your symmetrically encrypted file or message, using the option of --show-session-key

[5] Save this session key, and if you wish, you can destroy the first one. (you can always get it back by decrypting your message of step [1] ).


The string-to-key part of generating the session key for the symmetrically encrypted message, will be using a random 64 character GnuPG generated session key as it's password.

You can't find a better password (especially even one that you don't have to remember ;-)  )


vedaal



  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150311/97f9e054/attachment-0001.html>

More information about the Gnupg-users mailing list