On 28/08/12 08:37, [email protected] wrote: > break: RNG, asymmetric and symmetric cipher, while the symmetric > has only one: symmetric cipher.
When using OpenPGP, add RNG back to the list: the passphrase is only used to encrypt the randomly generated session key that encrypts the data. And in all cases, add some form of resisting tampering, i.e., a hash. Furthermore, if you're going to reject hybrid crypto as used in OpenPGP as too fragile, you might be better off migrating to a different planet :). Apparently you have such capable adversaries in your threat model that living on our planet might be a tad too dangerous for you :). Peter. PS: Let's not argue based on that last statement, it was well tongue-in-cheek with just a kernel of truth. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
