Ask HN: How secure is GPG using a symmetric cypher?
5 points by brdrak on Sept 10, 2013 | 6 comments
If I encrypt a file using a 20 character password like so:

  gpg -c --force-mdc file
Assuming the password doesn't appear on any dictionary lists, and has enough randomness to require brute force, how secure is the result?


Very secure.

GPG doesn't have a particularly great KDF, so shorter passphrases are an issue, but a 20 character passphrase compensates for that.
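An added illustration, not part of the original comment or of GnuPG's code: the iterated and salted string-to-key function defined in RFC 4880, which `gpg -c` uses to turn a passphrase into a cipher key, next to a passphrase entropy estimate. The salt and passphrase are constructed samples, and SHA-1 with coded count 96 are assumed parameters, not values read from any particular GnuPG build.

```python
import hashlib
import math

def decode_count(c: int) -> int:
    """RFC 4880 3.7.1.3: expand the one-octet coded count into a byte count."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded_count: int,
                        key_len: int, digest: str = "sha1") -> bytes:
    """Derive key_len bytes with the OpenPGP iterated+salted S2K (type 3)."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    data = salt + passphrase
    # The count is the number of *bytes* fed to the hash, not a round count,
    # and salt+passphrase is always hashed at least once in full.
    total = max(decode_count(coded_count), len(data))
    full, rest = divmod(total, len(data))
    key, preload = b"", 0
    while len(key) < key_len:
        h = hashlib.new(digest)
        # When the key is longer than one digest, each further hash context
        # is preloaded with one more zero octet.
        h.update(b"\x00" * preload)
        for _ in range(full):
            h.update(data)
        h.update(data[:rest])
        key += h.digest()
        preload += 1
    return key[:key_len]

def passphrase_bits(length: int, alphabet: int) -> float:
    """Entropy in bits, assuming each character is chosen uniformly at random."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    salt = bytes(range(1, 9))                 # constructed sample salt
    pw = b"constructed passphrase"            # constructed sample passphrase
    key = s2k_iterated_salted(pw, salt, 96, 16)
    print("bytes hashed per guess:", decode_count(96))
    print("derived 128-bit key   :", key.hex())
    # The per-guess cost is one pass of a fast hash over a few tens of
    # kilobytes, so the passphrase itself has to carry the security margin.
    for n in (8, 12, 20):
        print(f"{n:2d} random printable chars ~ {passphrase_bits(n, 94):.1f} bits")
```

The S2K work factor is a fixed, modest cost per guess, so resistance to brute force comes almost entirely from the passphrase entropy figure printed at the end.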


Thanks. Secure enough to store out in the open (e.g. public git repo, etc)?


First question, are you certain there is no keylogger on the computer you are typing the password on?

Oh yeah, keyloggers don't have to be in your computer's software either: https://freedom-to-tinker.com/blog/felten/acoustic-snooping-...


You boot from a Live-CD. But then maybe someone has put a logger in your keyboard. Or is doing powerline monitoring. Or watching you with an infrared camera. And so on...


Let's say I have access to multiple computers at several locations, and at least one is secure. I encrypt the plain text on c1, put it on a USB key, encrypt the encrypted file again on c2. Then again. Then transfer the file to a new USB key and destroy the original (in case the file system there has remnants of other files).

The adversary would have to know all three passwords to decrypt the final file.gpg.gpg.gpg, correct?


Um. How could he ever be certain of that?



