How secure asymmetric encryption to yourself?

Sven Radde email at sven-radde.de
Mon Feb 23 18:29:11 CET 2009


Hi!

Chris Poole schrieb:
> How secure is it to use my own public key as the encryption method
> (rather than symmetric), given that the password file is stored on the
> same drive as my public and private keys? 
The simple answer is: It doesn't matter, both methods are equally secure
(with the security determined primarily by the strength of your passphrase).

The asymmetric approach could have its advantages, because I can imagine
some scenarios where an attacker might obtain the encrypted data and the
passphrase but would be unable to get access to the secret key file
(e.g., because it is not a file but rather in a smartcard or because the
private key is on offline media at the time of compromise of the data).

Not having the private key leaves an attacker with the requirement to
either brute-force the symmetric session key or crack the public key to
obtain the secret key. Both things are supposed to be infeasible given
GnuPG's algorithms/keylengths and the current state of cryptanalysis.

However, there is the risk that a cryptanalytical advancement would
allow easy breaking of asymmetric keys which could enable an attacker to
fully bypass your passphrase by cracking the public key (thereby getting
the private key and thereby decrypting the data). IMHO, this risk is
negligible and if it happens anyway, people would probably have nastier
things to do than cracking specifically *your* key (e.g. forging SSL
certificates of banks etc)...

On the other hand, asymmetric has one disadvantage: The private key file
is something that must be stored as safely as the encrypted data. (I mean
backups etc.) No matter whether you know the passphrase, if the private
key file is deleted, you won't get your data back!

As a side note: Is it possible to find out a public key just from looking
at data encrypted to that public key? (Assume the key is not on a
keyserver, of course.)
If the public key could also be hidden from an attacker (e.g. the
attacker has just the encrypted data file and the passphrase), it would
leave brute-forcing of the symmetric algorithm as the only attack
option... Plausible scenarios for this are more difficult to imagine,
though.

cu, Sven

PS: IMHO there are more usable ways of managing one's passwords than
storing them in a GnuPG file (although much can be accomplished by
wrapping access to that file through a number of shell scripts, I assume).
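As an added illustration of the two modes compared in this message (not part of the original thread, and a constructed toy model rather than GnuPG's OpenPGP format), the following shows why the passphrase alone suffices in symmetric mode but not in "encrypt to yourself" mode, where the private key file is also required. The cipher, key derivation and tiny RSA parameters are all placeholders chosen for readability, not for security.

```python
"""Toy model, constructed for this note (not GnuPG/OpenPGP, not secure), of the two
modes compared above: passphrase-only ('gpg -c') versus 'encrypt to yourself'
(random session key wrapped with a public key; private half in a passphrase-protected file)."""
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, standing in for the symmetric cipher
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def sym_encrypt(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def kdf(passphrase: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"fixed-salt", 100_000)

# Mode 1, 'gpg -c': whoever knows the passphrase can decrypt; nothing else is needed.
def symmetric_encrypt(passphrase: str, data: bytes) -> bytes:
    return sym_encrypt(kdf(passphrase), data)
def symmetric_decrypt(passphrase: str, blob: bytes) -> bytes:
    return sym_decrypt(kdf(passphrase), blob)

# Mode 2, 'gpg -e -r <self>'. Toy RSA with tiny fixed primes: structure only.
P, Q, E = 104729, 104723, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def make_secret_keyfile(passphrase: str) -> bytes:
    # private exponent stored only under the passphrase, like a secret keyring file
    return sym_encrypt(kdf(passphrase), D.to_bytes(8, "big"))

def encrypt_to_self(data: bytes) -> bytes:
    sk = int.from_bytes(os.urandom(4), "big")      # random 32-bit session key (< N)
    wrapped = pow(sk, E, N).to_bytes(8, "big")      # session key wrapped with the public key
    return wrapped + sym_encrypt(hashlib.sha256(sk.to_bytes(4, "big")).digest(), data)

def decrypt_to_self(blob: bytes, keyfile, passphrase: str):
    # Needs the key file AND the passphrase: with the passphrase alone there is nothing
    # to unwrap the session key with; with the key file lost, the owner is stuck too.
    if keyfile is None:
        return None
    d = int.from_bytes(sym_decrypt(kdf(passphrase), keyfile), "big")
    sk = pow(int.from_bytes(blob[:8], "big"), d, N) & 0xFFFFFFFF
    return sym_decrypt(hashlib.sha256(sk.to_bytes(4, "big")).digest(), blob[8:])
```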