A correction:
You could use /dev/urandom to add 1K of random data to the start of your
archive as follows:
head -c 1024 /dev/urandom > NEW
cat ORIGINAL >> NEW
On Wed, 2003-02-19 at 14:18, Arthur Britto wrote:
> Here is an example command to use symmetrical encryption with gpg:
>
> cat passphrase.txt | gpg -c --no-secmem-warning --cipher-algo
> RIJNDAEL256 --command-fd 0 --yes -o OUTPUT INPUT
>
> If you choose a pass phrase you can remember, you need never worry about
> loosing a floppy or piece of paper with a private key.
>
> Having known plain text in the data you encrypt significantly weakens
> your security.
>
> In particular, since you are making multiple files with the same pass
> phrase, having the same known plain text could be particularly bad.
>
> If you are using tar or a similar program to create the file which you
> are backing up, then the back up file will have a fixed sequence of
> characters at the very beginning. This is known plain text.
>
> Unfortunately, I am not able to recall where I heard this and would
> appreciate if anyone can provide the source or refute the following:
>
> To eliminate a weakness with known plain text at the very beginning of a
> file to be encrypted, you can insert a fixed amount of random data
> before the data you are encrypting. When decrypting your data, you
> simply discard the random data after decryption. Ideally gpg would do
> this for you, but I have not checked the program to see if it does this.
>
> Ideally you could use /dev/random for random data, as this provides real
> randomness vs pseudo-randomness of /dev/urandom. Unless you have a real
> random number source, using /dev/random in a script can cause the script
> to hang until enough entropy is collected.
>
> For example, you could use /dev/random if: (1) you are around to move
> the mouse and type keys on the keyboard to generate entropy or (2) you
> have an Intel random number generator your computer and you having
> installed the intel-rng-tools ebuild:
> http://bugs.gentoo.org/show_bug.cgi?id=8997
>
> You could use /dev/urandom to add 1K of random data to the start of your
> archive as follows:
> head -c 1024 /dev/urandom > NEW
> cat INPUT >> OUTPUT
>
> Hope this helps,
>
> Arthur
>
> On Wed, 2003-02-19 at 07:59, Bruno Lustosa wrote:
> > * Michael Jinks <[EMAIL PROTECTED]> [18-02-2003 19:03]:
> > > If what you want is to store a bunch of stuff, for however long, in a
> > > small number of encrypted cpio (or tar or whatever) archives, are there
> > > really going to be so many of them that it justifies a script with a
> > > password in it? And, if you're worried enough about privacy to want to
> > > store your files in an encrypted form, why would you also simultaneously
> > > want to store the key to unlock them in a script on the same system? If
> > > you store the password+script elsewhere, you're back to the same problem
> > > you had with keeping a key on a floppy, only now it's a script instead of
> > > a key.
> >
> > Also, if you think that floppies aren't all that reliable, you could
> > still print (on paper) the ascii armoured private key and store it
> > somewhere safe.
> > In case the floppy doesn't work anymore, you could still get the paper,
> > type it and re-import on gpg. Of course, would be a tedious thing to do,
> > but that's the last resort thing, isn't it?
> >
> > Just my $.02
>
>
> --
> [EMAIL PROTECTED] mailing list
--
[EMAIL PROTECTED] mailing list
