
Re: Editing and storing encrypted files



On Wed, Sep 06, 2000 at 17:50:05 -0500, Herbert Ho wrote:
> how about encrypted loopback?  just need the crypto/int'l patch for the
> kernel. no other software.  but then again it doesn't use gpg....

That's not a disadvantage, as encrypted filesystems are a different area
(protect against different threats).

GPG's protocol is designed for secure (mail) communication over an
unsecure connection. As such it uses public key cryptography (e.g.
Diffie-Hellman) to securely communicate session keys for conventional shared
key cryptography (block ciphers like 3DES and BlowFish).

In the case of encrypted filesystems, the threat you're trying to protect
from isn't having to communicate over an unsecure connection, but primarily
the consequences of someone gaining unauthorised access to a storage device;
there is simply no need for public key cryptography in this case; shared key
cryptography (using passphrases) works fine. The international kernel patch
(packaged as "kernel-patch-int") supports several of the block ciphers used
by gpg and others of comparable or even bigger strength (for example AES
candidates like Serpent, Rijndael and TwoFish).

HTH,
Ray
-- 
Furthermore, I am of the opinion that the Netherlands should be roofed over.


