PGP 2.6 plain encryption - PGP

This is a discussion on PGP 2.6 plain encryption - PGP ; Hello. Newbie question here. I am using PGP 2.6 with plain encryption (the -c command-line option) to encrypt various files. My question is, to what extent does my choice of passphrase impact my data security? Will the length of the ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: PGP 2.6 plain encryption

  1. PGP 2.6 plain encryption

    Hello. Newbie question here.

    I am using PGP 2.6 with plain encryption (the -c command-line option)
    to encrypt various files. My question is, to what extent does my choice
    of passphrase impact my data security? Will the length of the passphrase
    that I choose have a significant impact on the strength of the encryption?

    Thanks
    -Mark



  2. Re: PGP 2.6 plain encryption

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    "Mark" wrote in
    news:UrKdnXd5-c5pg83ZRVn-qQ@w-link.net:

    > Hello. Newbie question here.
    >
    > I am using PGP 2.6 with plain encryption (the -c command-line option)
    > to encrypt various files. My question is, to what extent does my choice
    > of passphrase impact my data security? Will the length of the passphrase
    > that I choose have a significant impact on the strength of the
    > encryption?


    You seem to be referring to conventional encryption instead of public key
    encryption. With the conventional encryption, your security is determined
    by the strength of your passphrase. This reference may help regarding
    passphrase strength:
    http://www.pgpi.org/doc/faq/passphrase/

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.6 (Build 6060)
    Comment: My PGP FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBRFAhKWDeI9apM77TAQN2kwf7BSUxqiFdR9zMSC84/x1ygOSz0/j2Ygiu
    pWb9vzrm0uapO4e7ibaOcSMrlyya0x+v/uLKW58sxO3/eU2Gt/Zg/2nHR627PU5p
    Q3wqbQHeBsXz9+sKTugmzpEbSMfrjCfJ6Egt3P6HaIhAk8wPMl pgAsScT/cCkf65
    nHFT5DUNmeUk2LHqk3/9i/GhHAVOiO7ip8l9BAeMLja4g1zMhtgbXxOKZ4ODYpY0
    MW4HbN7Z6CtAEzFNQCw4tm/vk4r0ZMZ+4gYQ6x9lEDuAUwSfqaNDG7c/RE5wtJ6g
    0Yk1RBPqdsjUjkyMYV6Lf986AHQGAVOy8M/Y0hle1WG5xNnbzXISOQ==
    =yKqm
    -----END PGP SIGNATURE-----

  3. Re: PGP 2.6 plain encryption

    "Tom McCune" wrote:
    >
    > You seem to be referring to conventional encryption instead of public key
    > encryption. With the conventional encryption, your security is determined
    > by the strength of your passphrase. This reference may help regarding
    > passphrase strength:
    > http://www.pgpi.org/doc/faq/passphrase/


    Yes, I am using conventional encryption (IDEA, apparently) since I am
    not sending encrypted data to anyone else. Thank you for FAQ. . .as I
    suspected, a simple phrase with a few random numbers tossed in is not
    especially secure.

    I am a bit fuzzy on how PGP 2.6 works with asymmetric keys. My
    current understanding (right or wrong) is that when I encrypt data
    with an asymmetric key, PGP generates a pseudo-random session
    key to encrypt the data with the IDEA algorithm, and then encrypts
    this session key using the asymmetric key that I provided?

    When I created my public/private key pair, I specified 1024 bits.
    I assume that this specifies the size of the asymmetric keys, and has
    no impact on the size of the session keys that PGP will generate
    when I encrypt data with an asymmetric key?

    Thanks
    -Mark




  4. Re: PGP 2.6 plain encryption

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    "Mark" wrote in
    news:1uadnd-1F6PBrs3ZRVn-og@w-link.net:

    > Yes, I am using conventional encryption (IDEA, apparently) since I am
    > not sending encrypted data to anyone else. Thank you for FAQ. . .as I
    > suspected, a simple phrase with a few random numbers tossed in is not
    > especially secure.


    Official builds of PGP 2.6.x use only IDEA for the symmetric encryption.

    > I am a bit fuzzy on how PGP 2.6 works with asymmetric keys. My
    > current understanding (right or wrong) is that when I encrypt data
    > with an asymmetric key, PGP generates a pseudo-random session
    > key to encrypt the data with the IDEA algorithm, and then encrypts
    > this session key using the asymmetric key that I provided?


    You are correct.

    > When I created my public/private key pair, I specified 1024 bits.
    > I assume that this specifies the size of the asymmetric keys, and has
    > no impact on the size of the session keys that PGP will generate
    > when I encrypt data with an asymmetric key?


    You are again correct. IDEA always uses 128 bit keys.

    If you want to use command line PGP, you might want to consider GPG
    instead. It is up to date. The only negative I can think of compared to
    PGP 2.6.x is that by default it does not install IDEA usage (may be a
    backwards compatibility problem if you have IDEA encrypted data).

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.6 (Build 6060)
    Comment: My PGP FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBRFCf+2DeI9apM77TAQP4ZQf/WSV2lsluBfObaqEwArV4vZtOt7un/VQ/
    6htVS9ZpiZ5gSHh+Li8cvNeHkPhIwRR5R+6KKMKdzrb8PqfuSB 8jvBFJSnV3wd0l
    kUjld9bnTAw2C6TO5keZeZllc2nO+hrZUKn0Rx+Ww/kaVnvLLJHm0gprY/GsgH3k
    xSAddBcWqSjAlaCEMfN0Z8DvR0dQt9Ap8TNdvNEHVKslORcPMR GoNr4SAmc7/EDB
    VDvDvYIutavkWgWHhsyRxRLo0YOsJXXCgGxFup8nqMsxXHU1s7 VJv2AOukm0qnGd
    LZuEPuto0764CsmyFczqyh88IH1L7g+l2trL0GWubnL/UlxQJCNPSQ==
    =i3aK
    -----END PGP SIGNATURE-----

+ Reply to Thread