KeePass or any other password wallet to store and transport keys

Faramir faramir.cl at gmail.com
Thu Jul 26 02:40:28 CEST 2012



On 25-07-2012 1:12, Robert J. Hansen wrote:
> On 7/24/2012 10:21 PM, Faramir wrote:
>> Clearly I'm out of my league there. I had heard about that, but
>> later I also heard about stacking different algos (with different
>> keys of course) to increase security.
> 
> I'm unaware of any reputable reference that recommends this
> practice. That's not to say no such reference exists, only that if
> one exists I'm unaware of it.

  If I ever saw a reputable reference, I forgot it. I know TrueCrypt
can stack up to 3 different encryption algorithms, but that is not the
same as if Schneier, Shamir or that kind of professionals say it is a
good measure. I know Schneier advised to be careful, because you don't
know if you will improve security or decrease it, but that was a long
time ago, maybe now they know a bit more, but if they do, I could not
find a reference.

  Now I found this article, with some references to papers:
http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html


>> Anyway, do you know about any list of "compatible" encryption 
>> algorithms? I mean, pairs that work well together.
> 
> The better question, to me at least, is "why would I want to do
> this?"

  Probably because some software offers the option to do it, it would
be good to know what to avoid, other than "avoid everything".

> Cryptosystems tend to fail predominantly due to human error, then
> to software bugs.  Consider that since PGP 2.6 was released in ...
> what was it, '91? ... not one single encryption algorithm used by
> PGP has ever been broken.  Although IDEA is not well-regarded by
> modern standards it's still a safe cipher; and RSA is still, well,
> RSA.

  In that case, it might make sense to, let's say, compress and
encrypt a file using WinZip, and then compress and encrypt it using
7-Zip; in case one implementation fails, the other might hold. Or in
the case of the original question, storing the private keyring inside
a KeePass database. If there is a bug in GnuPG, maybe KeePass will
hold. If there is not a bug in gpg, then it doesn't matter if KeePass
is bug-free or not.

  It might make sense to use cascade encryption in TrueCrypt, just in
case there is a bug in the implementation of one of the encryption
algorithms. But if the bug is elsewhere, since it is the same program,
the bug would affect both ciphers, and there is no gain in using cascade.


> If the algorithms are unlikely to be broken but the likelihood of 
> security-impacting software bugs is essentially certain, then
> stacking algorithms would seem to be ill-advised.  Stacking
> algorithms increases the complexity of the code, increases the
> number of keys which must be

  True. If we combine 2 different systems (let's say, WinRAR and
KeePass), it would avoid the danger of more bugs, but of course, it
won't help with the increase of keys.

  Best Regards



