Ryan Malayter wrote: > When encrypting to a *.7z file, 7-zip uses AES-256 in CBC mode, with > a passphrase-to-key function based on SHA-256. This is actually > stronger than most cipher preferences on OpenPGP keys.
This may be just my own personal quirk, but it seems misleading to me to describe AES256 as "stronger" than, say, AES128. The threshold just to break AES128 is so immense that it may as well be a brick wall; describing AES256 as "stronger" just means the brick wall is, well, still a brick wall. Once you reach a certain threshold point as far as resistance to brute-force attacks, to really make something "stronger" requires introducing resistance to other kinds of attacks. E.g., I'd say that an 3DES hardware token guarded by a fireteam of armed Marines is far stronger than an AES256 key stored on a PC running unpatched Windows 95 on an always-on unfirewalled Internet connection, despite the fact the AES256 key has about 144 bits more keyspace. Let's just describe 7zip as using strong crypto, and leave it at that. :) _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
