Re: Symmetric encryption: why not use private keys?

vedaal_at_hush.com
Date: 09/05/04


Date: 5 Sep 2004 09:11:42 -0700

Suzanne Skinner <tril@igs.net> wrote in message news:<slrncjk6f8.dm.tril@miranda.igs.net>...

> I'm referring to GPG's behavior when the -c option (as opposed to -e) is used
> to select traditional symmetric encryption. In this case, the only option for
> key generation seems to be to hash a user-entered passphrase. I'd prefer it to
> do something similar to what it does for -e: generate a symmetric key with
> good entropy, store it in the secret keyring and protect it with a passphrase.
> This way dictionary attacks wouldn't be possible unless the attacker got
> access to the keyring.

ok,

if you want gnupg to generate a random passphrase for you to use for
symmetric encryption,

then there is an effective, simple [although inelegant ;-) ]
workaround:

[1] use the option of 'show-session-key' in gnupg

[2] encrypt the message first to any keypair that you have

[3] decrypt the message in gnupg

[4] use the randomly generated session key that gnupg displays for
you, as your passphrase for the symmetric encryption

(it will be 32 characters long if you use idea, or cast,
48 characters if you use 3-des
and 64 characters if you use twofish or aes-256)

it doesn't matter which one you use, since the session key will be
truncated anyway, to whatever length of passphrase you consider
sufficient.

i imagine that 12 to 16 characters is more than sufficient,

but invite the crypto experts to give their opinions on the
appropriate lengths,
and if the gnupg randomly generated session key, is 'random enough',

(and also, btw, if this is a reasonable way to use computers to
generate random strings [with the understanding that it is limited to
the hexadecimal characters]).

(it is, in any case, 'as random' as the gnupg public key encryption
that you prefer)

hth,
vedaal
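
Added example (not part of the original post, and not GnuPG's own code): a Python sketch of step [4] that parses the session-key line gpg prints with show-session-key, checks its length against the cipher, and truncates it to a passphrase with an upper bound on its entropy. The exact output line format, the function names and the sample key are assumptions constructed for illustration.

```python
import re

# OpenPGP symmetric algorithm ids (RFC 4880, section 9.2) -> (name, key bits)
CIPHERS = {
    1: ("IDEA", 128), 2: ("3DES", 192), 3: ("CAST5", 128),
    7: ("AES128", 128), 8: ("AES192", 192), 9: ("AES256", 256),
    10: ("TWOFISH", 256),
}

# Assumed line format: gpg: session key: '<algo id>:<hex key>'
# (the quote characters are matched loosely, since they may vary by version)
SESSION_KEY_RE = re.compile(r"session key:\s*[`'\"](\d+):([0-9A-Fa-f]+)['\"]")

def parse_session_key(gpg_output):
    """Return (cipher name, hex key) from gpg's show-session-key output."""
    m = SESSION_KEY_RE.search(gpg_output)
    if m is None:
        raise ValueError("no session key line found")
    algo, hexkey = int(m.group(1)), m.group(2).upper()
    if algo not in CIPHERS:
        raise ValueError("unknown cipher id %d" % algo)
    name, bits = CIPHERS[algo]
    # 4 bits per hex character: 32 chars = 128 bits, 48 = 192, 64 = 256
    if len(hexkey) * 4 != bits:
        raise ValueError("key length does not match %s" % name)
    return name, hexkey

def passphrase_from_session_key(hexkey, length):
    """Truncate the hex session key to `length` characters."""
    if not 1 <= length <= len(hexkey):
        raise ValueError("length must be between 1 and %d" % len(hexkey))
    return hexkey[:length]

def entropy_bits(passphrase):
    """Upper bound: 4 bits per character, assuming uniformly random hex."""
    return 4 * len(passphrase)

# Constructed sample output; the key below is a placeholder, not a real key.
SAMPLE = "gpg: session key: '9:" + "0123456789ABCDEF" * 4 + "'"

if __name__ == "__main__":
    name, key = parse_session_key(SAMPLE)
    for n in (12, 16, len(key)):
        p = passphrase_from_session_key(key, n)
        print("%s, %2d chars: at most %3d bits" % (name, n, entropy_bits(p)))
```

Under that assumption, the 12 to 16 character range mentioned in the post corresponds to at most 48 to 64 bits.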