encrypting files on hard drive (GPG, BSD)


Post by An Mete » Wed, 02 Jul 2003 23:20:32



I use GnuPG on Open and FreeBSD. I have a 2048-bit keypair with as I
believe a very good passphrase (no intact words in any language so far
as I know, lots of odd punctuation, quite long).  My keyrings are on
the hard drive, so my secret key is protected only by the
passphrase. (I know this is not the most secure possible situation.)

I also have many files on my hard drive that I like to keep encrypted
when I'm not using them (in case the computer is stolen). Presently
they are encrypted to my secret key. This way I only have to remember
one passphrase for all my files, and when I change my private key's
passphrase, I still only have to remember one new passphrase for
everything.

Would it be any more secure if I symmetrically encrypted the files
instead of encrypted to my private key, since the private key is
(although passphrase-encrypted) on the same hard drive?

 
 
 


Post by Ron B » Wed, 02 Jul 2003 23:50:53




> I use GnuPG on Open and FreeBSD. I have a 2048-bit keypair with as I
> believe a very good passphrase (no intact words in any language so far
> as I know, lots of odd punctuation, quite long).  My keyrings are on
> the hard drive, so my secret key is protected only by the
> passphrase. (I know this is not the most secure possible situation.)

> I also have many files on my hard drive that I like to keep encrypted
> when I'm not using them (in case the computer is stolen). Presently
> they are encrypted to my secret key. This way I only have to remember
> one passphrase for all my files, and when I change my private key's
> passphrase, I still only have to remember one new passphrase for
> everything.

> Would it be any more secure if I symmetrically encrypted the files
> instead of encrypted to my private key, since the private key is
> (although passphrase-encrypted) on the same hard drive?

Only if the passphrase for the symmetrically encrypted file is harder to
crack than the key passphrase.


Post by Jason Ti » Thu, 03 Jul 2003 03:49:43



| > I use GnuPG on Open and FreeBSD. I have a 2048-bit
| > keypair with as I believe a very good passphrase (no
| > intact words in any language so far as I know, lots of
| > odd punctuation, quite long).  My keyrings are on the
| > hard drive, so my secret key is protected only by the
| > passphrase. (I know this is not the most secure
| > possible situation.)
| >
| > I also have many files on my hard drive that I like to
| > keep encrypted when I'm not using them (in case the
| > computer is stolen). Presently they are encrypted to my
| > secret key. This way I only have to remember one
| > passphrase for all my files, and when I change my
| > private key's passphrase, I still only have to remember
| > one new passphrase for everything.
| >
| > Would it be any more secure if I symmetrically
| > encrypted the files instead of encrypted to my private
| > key, since the private key is (although
| > passphrase-encrypted) on the same hard drive?

No, they are only symmetrically encrypted now.  However
their completely random keys are encrypted to the public
key.  Either way your data should be safe for a few
centuries or until someone finds out your passphrase.

| Only if the passphrase for the symmetrically encrypted
| file is harder to crack than the key passphrase.

They would have to recreate the passphrase (centuries if it
is real good) or private key (a few billion times the life
of the universe).


Post by Anonymous Sende » Thu, 03 Jul 2003 05:04:46


> Only if the passphrase for the symmetrically encrypted file is harder to
> crack than the key passphrase.

You're saying that, assuming the passphrases are equally good, (1)
cracking the private key (given the public key and the encrypted
private key) is really just as difficult as (2) cracking a symmetric
encryption?

I'm surprised: I would not have expected that, since there is a
mathematical relationship between the "real" (unencrypted) private key
and the public key; in other words, there is just more information to
play with in case (1).

 
 
 


Post by Jason Ti » Thu, 03 Jul 2003 05:59:52



| > Only if the passphrase for the symmetrically encrypted
| > file is harder to crack than the key passphrase.
|
| You're saying that, assuming the passphrases are equally
| good, (1) cracking the private key (given the public key
| and the encrypted private key) is really just as
| difficult as (2) cracking a symmetric encryption?

Let me try to clarify.

If you use the same passphrase for your key as for the
symmetric encryption then they are equally secure.

The private key is actually a large number.  If you have
that number you can decrypt anything encrypted to that key
(namely the file).

However the private key is symmetrically encrypted to the
passphrase.
The file is also symmetrically encrypted to the passphrase.

If you have the private key separate from the file they
have to recreate the private key, not the passphrase.
Therefore instead of centuries it would take eons unless
they decided to go at the file instead of the key, in which
case it would take the original centuries but they would
only have access to that one file instead of everything you
have access to.

| I'm surprised: I would not have expected that, since
| there is a mathematical relationship between the "real"
| (unencrypted) private key and the public key; in other
| words, there is just more information to play with in
| case (1).

They are mathematically related but to derive the private
from the public would take several billion times the age of
the universe.


Post by Alex » Thu, 03 Jul 2003 10:45:10


On Tue,  1 Jul 2003 20:04:46 +0000 (UTC)


> > Only if the passphrase for the symmetrically encrypted file is
> > harder to crack than the key passphrase.

> You're saying that, assuming the passphrases are equally good, (1)
> cracking the private key (given the public key and the encrypted
> private key) is really just as difficult as (2) cracking a symmetric
> encryption?

> I'm surprised: I would not have expected that, since there is a
> mathematical relationship between the "real" (unencrypted) private key
> and the public key; in other words, there is just more information to
> play with in case (1).

There are two ways to go about cracking the gpg encrypted files as they
stand:

A) Factor your 2048 bit public key into its components p and q
B) Crack the symmetric encryption on your private key

If the symmetric encryption you use on the filesystem is better than
*either* of these, then it increases your security.  Of these two
possibilities, I would venture that forcing your pass phrase is easier
than factoring the 2048 bit number, and I would bet the same for any
pass phrase that you are able to remember.  The only reason, imho, to
use the symmetric encryption would be a fear of large quantum computers.

Overall, I think the probability of your system getting hacked and
keylogged, or of men in black ninja suits secretly installing video
cameras in the wall opposite your monitor, is higher than that of
somebody cracking one of these encryption schemes given decent (30+
character, non-sensical) pass phrases.  :-)

--Alex
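
The weakest-link comparison argued in this thread, as an added example that is not part of any poster's message: it lists the independent attack paths for each scheme on a stolen disk and reports the cheapest one. The 112-bit rating for RSA-2048 (NIST SP 800-57), the 128-bit cipher key, the uniform-random passphrase model and all function names are assumptions made for this illustration.

```python
import math

# Assumed strength figures (not from the thread): NIST SP 800-57 rates
# RSA-2048 at roughly 112 bits; a 128-bit file/session cipher key is assumed.
RSA_2048_BITS = 112
CIPHER_KEY_BITS = 128

def passphrase_bits(length, alphabet_size):
    """Search-space size in bits for a passphrase whose characters are
    chosen uniformly at random; human-chosen phrases have less."""
    return length * math.log2(alphabet_size)

def attack_paths(scheme, pass_bits):
    """Independent ways to reach the plaintext from a stolen disk."""
    paths = {"guess the passphrase": pass_bits,
             "brute-force the file's cipher key": CIPHER_KEY_BITS}
    if scheme == "public-key":
        # The keyring is on the same disk, so the public key is available
        # to factor; the passphrase guards the secret key, not the file.
        paths["factor the RSA-2048 modulus"] = RSA_2048_BITS
    return paths

def weakest_link(scheme, pass_bits):
    """Return (path name, bits) for the cheapest attack on this scheme."""
    paths = attack_paths(scheme, pass_bits)
    name = min(paths, key=paths.get)
    return name, paths[name]

def compare(length, alphabet_size):
    """Weakest link of both schemes for one passphrase strength."""
    bits = passphrase_bits(length, alphabet_size)
    return {s: weakest_link(s, bits) for s in ("public-key", "symmetric")}

if __name__ == "__main__":
    # Constructed cases: 12 random lowercase letters, then 30 random
    # printable-ASCII characters.
    for length, alphabet in ((12, 26), (30, 94)):
        print(length, alphabet, compare(length, alphabet))
```

Under these assumptions the two schemes are equally strong until the passphrase exceeds the strength assumed for the RSA key; only past that point does the choice of scheme change the weakest link.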

 
 
 

1. encrypt to tape multiple files using TAR and gpg

I'm finding it very difficult to do what I think would be a common
scenario.  I am trying to encrypt files that are written to a backup
tape for offsite storage.

Using gpg, is there a way I can tar and encrypt an entire directory?
This is for Solaris, so the tape device is /dev/rmt/0

I think I need to use the --passphrase-fd n option, but I'm not sure
what the "n" refers to in the man page, or how to get piping to work.

thanks,
-Tony
