future proof file encryption
Moritz Schulte
mo at g10code.com
Fri Feb 27 12:35:16 CET 2009
> Is it true to say then,
> that if you wanted someone to be able to decrypt a
> (symmetrically encrypted) file, they'd need to know the algorithm used,
> the key and they'd also have to use the same program to decrypt as used
> to encrypt the file?
Not quite. In general: you shouldn't base the security on the secrecy of
the methods used (algorithm, implementation, ...). Besides, when using
a program which implements a documented standard, it doesn't matter what
actual implementation of the standard you (or the attacker) use(s). The
security should depend on the secrecy of your key.
mo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090227/1388602d/attachment.pgp>
More information about the Gnupg-users
mailing list