author | http://joeyh.name/ <http://joeyh.name/@web> | 2013-08-01 17:10:56 +0000
---|---|---
committer | admin <admin@branchable.com> | 2013-08-01 17:10:56 +0000
commit | 92a91b3aaa476a0089251bc1d9f5ae2a06b797da |
tree | 5be44134aa91f7295102a2cd28cc2fc3e87d1f67 /doc/todo |
parent | 06f009bfc587326f79e5c15ef3ad8f5e7a6a0bba |
Added a comment
Diffstat (limited to 'doc/todo')
-rw-r--r-- | doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment b/doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment new file mode 100644 index 000000000..1bf550cdf --- /dev/null +++ b/doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment @@ -0,0 +1,14 @@ +[[!comment format=mdwn + username="http://joeyh.name/" + ip="4.152.108.145" + subject="comment 1" + date="2013-08-01T17:10:56Z" + content=""" +There is a remote.name.annex-gnupg-options git-config setting that can be used to pass options to gpg on a per-remote basis. + +> also wonder if using the same symmetric key for many files presents a security issues (and whether using GPG keys directly would be more secure). + +I am not a cryptographer, but I have today run this question by someone with a good amount of crypo knowledge. My understanding is that reusing a symmetric key is theoretically vulnerable to eg known-plaintext or chosen-plaintext attacks. And that modern ciphers like AES and CAST (gpg default) are designed to resist such attacks. + +If someone was particularly concerned about these attack vectors, it would be pretty easy to add a mode where git-annex uses public key encryption directly. With the disadvantage, of course, that once a file was sent to a special remote and encrypted for a given set of public keys, other keys could not later be granted access to it. +"""]] |
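Review bot: The first content line names the setting as remote.name.annex-gnupg-options, which reads as a literal key; writing it as remote.<name>.annex-gnupg-options would make clear that name stands for the remote's own name, and since the file sits under the faster_gnupg_cipher todo, the comment could say what kind of gpg option it expects to be passed there. In the third paragraph "crypo knowledge" should be "crypto knowledge". The header also records ip="4.152.108.145" for the commenter, so that address becomes part of the repository history with this commit; worth confirming that is intended for a published doc tree.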