Re: question about gpg

On Fri, 13 Jul 2007 14:55:55 -0700, raydenxy@xxxxxxxxx wrote:

Maybe you guys are right but i think you some of you
misinterpreted my question.Everywhere i look it says that
knowing part of the original message can make it easy on
finding the private key.

If that were true, public-key cryptography would be weak,
because *anybody* can generate plaintext-ciphertext pairs,
because the encryption key is, after all, public.

It is true that if I know that a ciphertext represents
either "Yes" or "No", encrypted without random padding under
a given public key, then I can figure out the plaintext by
encrypting "Yes" and "No" and comparing the ciphertext. To
deal with this problem, before the encryption step the
plaintext is typically "formatted" in a way that involves
many random bytes. This operation is variously referred to
as "formatting", "encoding", or "padding", and dates back at
least as far as my 1993 version of the PKCS #1 standard.

I also have another question: What would you guys recommend on using
for private means of encryption : The passphrase one (gpg -c) with a
really good password or the public key method. I am thinking of this
scenario , i have a file "myfile" and i do "gpg -c myfile " and then
give it a pass like this "gj8857&_+sfH<>$#FF" . Would it be more
secure to use the public method for "myfile" with a key of 2048
bits(or longer)?

Both a well-generated symmetric key of 128 bits and a
well-generated public key of 2048 bits are currently strong
enough for all but government-taunting applications. The
weakest link will be elsewhere, most likely in your
key-handling practices. You should therefor ask yourself
which kind of cipher will allow you to use the more secure
key-handling practices. The most conspicuous consideration
of this sort is that if you use a symmetric-key system, the
secret key will have to be handled every time and every
place something is encrypted *and* every time and every
place something is decrypted, whereas if you use a
public-key system, the crucial secret is present only during
decryption.

--
To email me, substitute nowhere->spamcop, invalid->net.
.

Quantcast