On Thu, Mar 13, 2008 at 04:21:44PM +0100, Johannes Schindelin wrote:

> > No, and you wouldn't want to use gpg because of the overhead it adds
> > around an encrypted message.
>
> To the contrary: if your files are small (which they are most likely), you
> _want_ the overhead, in order to make the encryption harder to crack.

Not necessarily. Using random IVs, random salts, and random padding does
increase security. Adding headers to every object that tell which
algorithm and parameters were used is nice for interoperability, but
doesn't help with security. Doing per-object asymmetric encryptions (gpg
--encrypt without --symmetric) is performance insanity.

> AFAICT gpg is a good all-round encryption tool, and reinventing the wheel
> just for encrypting things in a git repository just does not cut it.

Keep in mind that in the example you posted before, you were not using
99% of gpg. You were just asking it to do a symmetric CBC cipher using a
passphrase. So it is overkill for that, but at the same time not
actually very flexible for doing those sorts of low-level things.
OpenSSL provides a much better toolkit for that.

-Peff
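
The per-object cost of a salted, passphrase-based CBC encryption can be measured directly with the `openssl enc` command. This is an added example, not code from the thread; the passphrase and sample contents are constructed, and `-pbkdf2` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: what a random salt and CBC padding add to a small object.
# PASSPHRASE and all sample inputs are constructed for the demonstration.
PASSPHRASE='constructed-demo-passphrase'

# Encrypt stdin with AES-256-CBC. Key and IV are derived via PBKDF2 from the
# passphrase and a fresh random 8-byte salt, which openssl stores in a
# 16-byte "Salted__" + salt prefix on the output.
encrypt_object() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -pass "pass:$PASSPHRASE"
}

# Decrypt stdin; the salt is read back from the 16-byte prefix.
decrypt_object() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$PASSPHRASE"
}

# Print the ciphertext size in bytes for a plaintext of $1 zero bytes.
ciphertext_size() {
    head -c "$1" /dev/zero | encrypt_object | wc -c | tr -d ' '
}

# Encrypt the same input twice and report whether the outputs match.
# A random salt makes them differ, so equal objects cannot be spotted
# by comparing ciphertexts.
compare_two_encryptions() {
    a=$(printf '%s' "$1" | encrypt_object | openssl dgst -sha256 -r)
    b=$(printf '%s' "$1" | encrypt_object | openssl dgst -sha256 -r)
    if [ "$a" = "$b" ]; then echo same; else echo different; fi
}

# Encrypt then decrypt, to confirm the object survives unchanged.
roundtrip() {
    printf '%s' "$1" | encrypt_object | decrypt_object
}

# Overhead is 16 bytes of salt header plus 1 to 16 bytes of block padding.
for n in 0 10 16 100; do
    echo "plaintext $n bytes -> ciphertext $(ciphertext_size "$n") bytes"
done
echo "two encryptions of one input: $(compare_two_encryptions 'blob contents')"
```
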