|
From: | Yves Goergen |
Subject: | Re: [Duplicity-talk] Encryption password selection |
Date: | Tue, 09 Dec 2014 22:26:36 +0100 |
User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 |
Am 09.12.2014 um 19:06 schrieb Cláudio Gil:
1. Each time you encrypt something, the symmetric key will be different (As it's randomly generated at the time of encryption). This randomly generated symmetric key will be used to encrypt the data for the current session, then will be encrypted using the public key for the asymmetric key. This means if someone was able to crack the symmetric key (Doubtful), they'd only have access to that small segment of data. I was unaware of that. Very smart of GPG to avoid paying the complexity cost for the entire encryption.
While I knew that asymmetric encryption is only used to encrypt *a* symmetric key, I wasn't currently aware that this key is *random*. Good point. Meanwhile, I've set up my things to use a GnuPG key for encryption and signing.
But that makes me wonder whether the traditional password is directly used to derive a symmetric key, and is it the same every time, or could the password just be used like an asymmetric key to encrypt a random second key which actually encrypts the data, and could be AES. Or wouldn't that be helpful because a password is (most often) shorter than a gpg key?
-- Yves Goergen http://unclassified.de http://dev.unclassified.de
[Prev in Thread] | Current Thread | [Next in Thread] |