Christian Holler wrote: > I have been reading the README for loop-aes and read that it is more > secure to use multi-key mode with gpg encrypted random passwords than > using a single key directly... But what kind of gpg key is suggested > for this encryption? I created a 4096 bit RSA key with a 4096 bit RSA > subkey for encryption. Is this setup secure/suggested? I believe it to be secure. 3072 bit RSA is equivalent to AES-128 strength. If I remember correctly, NSA does not recommend RSA for U.S. government use. They seem to prefer ECC. If adversary has access to your public key and passphrase encrypted private key, then key file encrypted using symmetric-cipher-only may be little bit more secure. If adversary does not have access to your public/private keys, then RSA encrypted key file is more secure. Human memorizable passphrase is usually the weakest link. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
