On Thu, Jul 14, 2011 at 4:58 AM, Jerome Baum <jer...@jeromebaum.com> wrote:
> On the manifest file, if you're hashing the encrypted files then it's > really useless (the attacker can just re-hash and re-encrypt for the > manifest file). Yes, Duplicity uses these message digests only as a checksum, to make sure corruption didn't occur during network transfer (i.e., nothing cryptographic). Thanks for the help. I'm just going to get used to entering my passphrase a little more! Cheers Chris Poole [PGP BAD246F9] _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users