科技回声

9 条评论

jph超过 8 年前

For GPG symmetric encryption, the kind the article describes, here are the best options I've found for my typical case:<pre><code> gpg --symmetric \ --cipher-algo aes256 \ --digest-algo sha256 \ --cert-digest-algo sha256 \ --compress-algo none -z 0 \ --quiet --no-greeting \ --no-use-agent "$@" </code></pre> I keep this command here:<pre><code> https://github.com/SixArm/gpg-encrypt </code></pre> The options are chosen to balance tradeoffs of convenience, strength, and portability.

评论 #13383786 未加载

评论 #13383687 未加载

评论 #13383467 未加载

评论 #13388869 未加载

评论 #13385933 未加载

评论 #13386091 未加载

评论 #13383883 未加载

评论 #13386983 未加载

rdslw超过 8 年前

If we're talking about GPG, please pay attention to <a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a> which is really cool, open source password manager built on GPG.

评论 #13386523 未加载

评论 #13385532 未加载

评论 #13385971 未加载

评论 #13387459 未加载

RJIb8RBYxzAMX9u超过 8 年前

Unless compatibility with gpg is a requirement, I think scrypt[0] is a much simpler tool for file encryption. The utility is meant to showcase the KDF of the same name. It's very simple and has virtually no parameters. So:<pre><code> $ xz -k elrond_minutes.txt $ scrypt enc elrond_minutes.txt.xz elrond_minutes.txt.xz.enc $ signify -S \ -s vilya.key \ -m elrond_minutes.txt.xz.enc \ -x elrond_minutes.txt.xz.enc.sig $ rm elrond_minutes.txt{,.xz} </code></pre> Signing the final output is probably extraneous; I think scrypt uses a HMAC. This involves invoking multiple tools, but since each tool only does one thing it's much easier to reason about, and I prefer this over using an omnibus tool like gpg.[0] <a href="https://github.com/Tarsnap/scrypt" rel="nofollow">https://github.com/Tarsnap/scrypt</a>

评论 #13388104 未加载

parfe超过 8 年前

>We suggest that you include five words of 5-10 letters in size, chosen at random, with spaces, special characters, and/or numbers embedded into words.>You need to be able to recall the passphrase that was used to encrypt the file.Why bother writing security guidelines which are impossible for a human to follow?edit: Try recalling any passphrases generated by the command below, and that's before the random sprinkling of punctuation.<pre><code> grep -E "^[a-z]{5,10}$" /usr/share/dict/words | shuf -n5 | tr '\n' ' '</code></pre>

评论 #13383910 未加载

评论 #13383230 未加载

评论 #13384197 未加载

评论 #13384998 未加载

oripel超过 8 年前

Key stretching is critical for password-based encryption, and gpg's s2k options are vulnerable to GPU acceleration. Command-line tools to encrypt with bcrypt/scrypt are common and may be a better option.

kondbg超过 8 年前

Is there a benefit in using symmetric encryption vs specifying yourself as a recipient?

SeaDude超过 8 年前

The HECC site here is one of the best support sites i've ever seen. Very logically laid out KB, news, ask a question, etc.thanks for the link

woliveirajr超过 8 年前

There's the [2015] which should be included.

评论 #13385055 未加载

discreditable超过 8 年前

Why would they not use asymmetric encryption?

评论 #13383550 未加载

评论 #13383211 未加载

评论 #13383329 未加载

评论 #13383248 未加载

9 条评论

jph超过 8 年前

评论 #13383786 未加载

评论 #13383687 未加载

评论 #13383467 未加载

评论 #13388869 未加载

评论 #13385933 未加载

评论 #13386091 未加载

评论 #13383883 未加载

评论 #13386983 未加载

rdslw超过 8 年前

评论 #13386523 未加载

评论 #13385532 未加载

评论 #13385971 未加载

评论 #13387459 未加载

RJIb8RBYxzAMX9u超过 8 年前

评论 #13388104 未加载

parfe超过 8 年前

评论 #13383910 未加载

评论 #13383230 未加载

评论 #13384197 未加载

评论 #13384998 未加载

oripel超过 8 年前

kondbg超过 8 年前

Is there a benefit in using symmetric encryption vs specifying yourself as a recipient?

SeaDude超过 8 年前

The HECC site here is one of the best support sites i've ever seen. Very logically laid out KB, news, ask a question, etc.thanks for the link

Using GPG to Encrypt Your Data

9 条评论

Using GPG to Encrypt Your Data

9 条评论