diff options
Diffstat (limited to 'doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment')
| -rw-r--r-- | doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment | 14 |
1 files changed, 0 insertions, 14 deletions
diff --git a/doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment b/doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment deleted file mode 100644 index 1bf550cdf..000000000 --- a/doc/todo/faster_gnupg_cipher/comment_1_8f61f7c724a8224e61c015be68f43db7._comment +++ /dev/null @@ -1,14 +0,0 @@ -[[!comment format=mdwn - username="http://joeyh.name/" - ip="4.152.108.145" - subject="comment 1" - date="2013-08-01T17:10:56Z" - content=""" -There is a remote.name.annex-gnupg-options git-config setting that can be used to pass options to gpg on a per-remote basis. - -> also wonder if using the same symmetric key for many files presents a security issues (and whether using GPG keys directly would be more secure). - -I am not a cryptographer, but I have today run this question by someone with a good amount of crypo knowledge. My understanding is that reusing a symmetric key is theoretically vulnerable to eg known-plaintext or chosen-plaintext attacks. And that modern ciphers like AES and CAST (gpg default) are designed to resist such attacks. - -If someone was particularly concerned about these attack vectors, it would be pretty easy to add a mode where git-annex uses public key encryption directly. With the disadvantage, of course, that once a file was sent to a special remote and encrypted for a given set of public keys, other keys could not later be granted access to it. -"""]] |