Re: Symmetric encryption: why not use private keys?

vedaal_at_hush.com
Date: 09/05/04


Date: 5 Sep 2004 09:11:42 -0700

Suzanne Skinner <tril@igs.net> wrote in message news:<slrncjk6f8.dm.tril@miranda.igs.net>...

> I'm referring to GPG's behavior when the -c option (as opposed to -e) is used
> to select traditional symmetric encryption. In this case, the only option for
> key generation seems to be to hash a user-entered passphrase. I'd prefer it to
> do something similar to what it does for -e: generate a symmetric key with
> good entropy, store it in the secret keyring and protect it with a passphrase.
> This way dictionary attacks wouldn't be possible unless the attacker got
> access to the keyring.

ok,

if you want gnupg to generate a random passphrase for you to use for
symmetric encryption,

then there is an effective, simple [although inelegant ;-) ]
workaround:

[1] use the option of 'show-session-key' in gnupg

[2] encrypt the message first to any keypair that you have

[3] decrypt the message in gnupg

[4] use the randomly generated session key that gnupg displays for
you, as your passphrase for the symmetric encryption

(it will be 32 characters long if you use idea, or cast,
48 characters if you use 3-des
and 64 characters if you use twofish or aes-256)

it doesn't matter which one you use, since the session key will be
truncated anyway, to whatever length of passphrase you consider
sufficient.

i imagine that 12 to 16 characters is more than sufficient,

but invite the crypto experts to give their opinions on the
appropriate lengths,
and if the gnupg randomly generated session key, is 'random enough',

(and also, btw, if this is a reasonable way to use computers to
generate random strings [with the understanding that it is limited to
the hexadecimal characters]).

(it is, in any case, 'as random' as the gnupg public key encryption
that you prefer)

hth,
vedaal
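
An added example, not part of the original post and not GnuPG's own code: a Python sketch of step [4] that parses the session-key line printed with `--show-session-key`, checks the hex length against the cipher, and truncates it to a chosen passphrase length. The sample output line is constructed and the function names are hypothetical.

```python
import re

# OpenPGP symmetric cipher IDs (RFC 4880, section 9.2) -> encoded key size in bits.
# These match the lengths in the post: 32 hex chars (IDEA, CAST5),
# 48 (3DES), 64 (Twofish, AES-256).
KEY_BITS = {1: 128, 2: 192, 3: 128, 4: 128, 7: 128, 8: 192, 9: 256, 10: 256}

# gpg prints the key as <cipher-id>:<hex>, wrapped in quote characters
# that differ between versions, so any single non-word character is accepted.
SESSION_KEY_RE = re.compile(r"session key: \W?(\d+):([0-9A-Fa-f]+)")

# Constructed sample line (not a real key): cipher 9 = AES-256, 64 hex chars.
SAMPLE = "gpg: session key: '9:" + "0123456789ABCDEF" * 4 + "'"


def parse_session_key(gpg_output):
    """Return (cipher_id, hex_key) from text containing a session-key line."""
    m = SESSION_KEY_RE.search(gpg_output)
    if m is None:
        raise ValueError("no session key line found")
    cipher_id, hex_key = int(m.group(1)), m.group(2).upper()
    bits = KEY_BITS.get(cipher_id)
    if bits is None:
        raise ValueError("unknown cipher id %d" % cipher_id)
    if len(hex_key) * 4 != bits:
        raise ValueError("key length does not match cipher %d" % cipher_id)
    return cipher_id, hex_key


def passphrase_from_session_key(gpg_output, length):
    """Truncate the hex key to `length` chars; return (passphrase, entropy_bits).

    Each hexadecimal character carries at most 4 bits, so the entropy of
    the truncated string is 4 * length, assuming the key itself is random.
    """
    _, hex_key = parse_session_key(gpg_output)
    if not 1 <= length <= len(hex_key):
        raise ValueError("length must be between 1 and %d" % len(hex_key))
    return hex_key[:length], 4 * length


if __name__ == "__main__":
    for n in (12, 16, 32):
        phrase, bits = passphrase_from_session_key(SAMPLE, n)
        print("%2d chars -> %3d bits: %s" % (n, bits, phrase))
```

Because the alphabet is limited to hexadecimal characters, the 12 to 16 character range mentioned in the post corresponds to 48 to 64 bits.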


