KeePass or any other password wallet to store and transport keys

Robert J. Hansen rjh at sixdemonbag.org
Sun Jul 22 22:52:44 CEST 2012


On 7/22/2012 12:12 PM, Faramir wrote:
> If your secret key is password protected, placing it inside a keepass
> file would add a second (maybe unneeded) layer of protection, and you
> can choose a different encryption algorithm than GnuPG uses, so if one
> algo gets broken, the other would hold.

Not necessarily.  This idea of 'stacking algorithms improves strength'
is tempting, but it can just as easily reduce strength or do nothing.

Imagine you have a simple substitution cipher, where each letter gets
moved up three positions in the alphabet (ROT3).  Then, in order to make
this 'stronger', you re-encrypt it using ROT5.  You're not producing
'two levels' of encryption which have to be broken individually, you're
producing a single ROT8 encryption and fooling yourself about the level
of security you actually have.

Cryptography is a subtle art, and algorithms interact with each other in
deeply surprising and counterintuitive ways.  Before advocating that
algorithms be composed together to achieve certain results, it's good to
make sure that these compositions are cryptanalytically sound.  :)
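
The ROT3-then-ROT5 illustration above, as an added example that is not part of the original post. It goes slightly beyond the message by counting the ciphertexts reachable with one and two layers and by showing ROT13 applied twice; the sample message and the known word used by the attacker are constructed.

```python
import string

ALPHABET = string.ascii_uppercase

def rot(text, k):
    """Shift each A-Z letter k positions (ROT-k); other characters pass through."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)

def stacked(text, keys):
    """Apply several ROT layers in sequence: encrypt, then re-encrypt."""
    for k in keys:
        text = rot(text, k)
    return text

def distinct_ciphertexts(plaintext, layers):
    """Count distinct ciphertexts over every key combination of stacked ROTs."""
    seen = set()
    def walk(text, depth):
        if depth == 0:
            seen.add(text)
            return
        for k in range(26):
            walk(rot(text, k), depth - 1)
    walk(plaintext, layers)
    return len(seen)

def single_layer_attack(ciphertext, known_word):
    """Try the 26 single shifts, ignoring how many layers were actually used."""
    hits = []
    for k in range(26):
        candidate = rot(ciphertext, -k)
        if known_word in candidate:
            hits.append((k, candidate))
    return hits

if __name__ == "__main__":
    msg = "SECRET KEY"                      # constructed sample plaintext
    double = stacked(msg, [3, 5])
    print(double == rot(msg, 8))            # two layers equal one ROT8
    print(distinct_ciphertexts(msg, 1), distinct_ciphertexts(msg, 2))
    print(stacked(msg, [13, 13]) == msg)    # two layers cancel to plaintext
    print(single_layer_attack(double, "SECRET"))
```

Two layers offer 676 key pairs but still only 26 distinct results, so the attacker's work is unchanged, and the ROT13 pair shows a composition that leaves the text unencrypted.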


