use key, not passphrase, in symmetric encryption

Robert J. Hansen rjh at sixdemonbag.org
Mon Oct 17 14:59:33 CEST 2011


On 10/17/2011 7:51 AM, sweepslate wrote:
> I wanted to use something larger than a passphrase so I wondered if I
> can use a key. But on a second thought, I could use a SHA512SUM as a
> passphrase, which is 128 bytes in length. That makes it 1024 bits;
> correct? It's like a small key. I could use 4 of them combined for the
> strength of a key of 4096 bits.

Other people will explain how to use various command-line options to do
what you want: me, I'm going to offer a hopefully polite correction.

Asymmetric key lengths cannot be directly compared to symmetric key
lengths.  A 128-bit *symmetric* cipher is roughly a trillion times
stronger than a 1024-bit *asymmetric* cipher: in fact, the general
understanding is that a 128-bit symmetric cipher is comparable to a
3072-bit asymmetric cipher.

You can use symmetric cryptography, driven by a passphrase and hashed
with a good algorithm, with confidence.




More information about the Gnupg-users mailing list