Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On August 13, 2013, Richard Pieri wrote: >GPG doesn't work that way[...] >When you encrypt a message, the encryption engine generates a random >session key. This session key is used to encrypt the message using a >symmetric cipher (GnuPG uses CAST-128 by default). The session key is >then encrypted with the public half of your recipient's asymmetric key >pair and attached to the message. Thanks. I'll try to be a little more precise with my question. I have a 4096-bit GPG-generated DSA key pair. I use it to encrypt a file Foo for myself. (Or as you say, file Foo gets encrypted with a random session key, which is then encrypted with the public half of my key pair.) In the absence of the 4096-bit private half of my key, how hard is it to decrypt the session key by brute force and thereby decrypt file Foo? Do the time arguments from this KeePass discussion apply? -- Dan Barrett dbarrett at blazemonger.com
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |