On Sun, Jul 22, 2012, at 16:52, Robert J. Hansen wrote:
> On 7/22/2012 12:12 PM, Faramir wrote:
> > If your secret key is password protected, placing it inside a keepass
> > file would add a second (maybe unneeded) layer of protection, and you
> > can choose a different encryption algorithm than GnuPG uses, so if one
> > algo gets broken, the other would hold.
>
> Not necessarily. This idea of 'stacking algorithms improves strength'
> is tempting, but it can just as easily reduce strength or do nothing.
>
> Imagine you have a simple substitution cipher, where each letter gets
> moved up three positions in the alphabet (ROT3). Then, in order to make
> this 'stronger', you re-encrypt it using ROT5. You're not producing
> 'two levels' of encryption which have to be broken individually, you're
> producing a single ROT8 encryption and fooling yourself about the level
> of security you actually have.

Interesting. But I meant in my original unclear post something along the change of encryption. Moving keys off the keychain into armored text strings pushed as comments into empty or bogus entries into a password vault.

> Cryptography is a subtle art, and algorithms interact with each other in
> deeply surprising and counterintuitive ways. Before advocating that
> algorithms be composed together to achieve certain results, it's good to
> make sure that these compositions are cryptanalytically sound. :)

Very interesting. So having a keepass database or a gpg keychain on a Truecrypt drive might make them both more vulnerable?
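The ROT3-then-ROT5 case from the quoted text, as an added example that is not part of the original message: it checks that every pair of shifts collapses to a single shift, so a search over the 26 single-layer keys recovers a message that was encrypted in two layers. The function names, the sample message and the known word used to recognise the plaintext are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def rot(text, k):
    """Shift each letter A-Z forward by k positions; other characters pass through."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def stacked(text, keys):
    """Apply one ROT layer per key, in order (e.g. [3, 5] is ROT3 then ROT5)."""
    for k in keys:
        text = rot(text, k)
    return text


def equivalent_single_key(keys):
    """The one shift that produces the same ciphertext as all layers together."""
    return sum(keys) % 26


def closure_holds():
    """True if every one of the 26 x 26 two-layer combinations equals one shift."""
    return all(
        stacked(ALPHABET, [a, b]) == rot(ALPHABET, (a + b) % 26)
        for a in range(26)
        for b in range(26)
    )


def single_layer_search(ciphertext, known_word):
    """Try only the 26 single shifts; return keys whose decryption contains known_word."""
    return [k for k in range(26) if known_word in rot(ciphertext, -k)]


# Constructed sample input.
MESSAGE = "MOVE THE SECRET KEY OFFLINE"
TWO_LAYER = stacked(MESSAGE, [3, 5])

if __name__ == "__main__":
    print("two-layer ciphertext:", TWO_LAYER)
    print("same as single ROT8: ", TWO_LAYER == rot(MESSAGE, 8))
    print("all pairs collapse:  ", closure_holds())
    print("keys found in 26 tries:", single_layer_search(TWO_LAYER, "SECRET"))
```
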