On 7/22/2012 12:12 PM, Faramir wrote: > If your secret key is password protected, placing it inside a keepass > file would add a second (maybe unneeded) layer of protection, and you > can chose a different encryption algorithm than GnuPG uses, so if one > algo gets broken, the other would hold.
Not necessarily. This idea of 'stacking algorithms improves strength' is tempting, but it can just as easily reduce strength or do nothing. Imagine you have a simple substitution cipher, where each letter gets moved up three positions in the alphabet (ROT3). Then, in order to make this 'stronger', you re-encrypt it using ROT5. You're not producing 'two levels' of encryption which have to be broken individually, you're producing a single ROT8 encryption and fooling yourself about the level of security you actually have. Cryptography is a subtle art, and algorithms interact with each other in deeply surprising and counterintuitive ways. Before advocating that algorithms be composed together to achieve certain results, it's good to make sure that these compositions are cryptanalytically sound. :) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
