> On 5 Aug 2016, at 18:40, Ben Lindstrom <mouring@xxxxxxxxxxxxxx> wrote: > > The downside to this approach is your using keys created for signing for encryption now. Which > means you've leaked additional information about the key material. Thus slightly weakening the > security of your key. > > Which isn't really a smart thing to do. I've not looked deeply at Colin's code, but it seems to be creating a random symmetric key and only encrypting that. It's not (directly) encrypting the files (that's done with the symmetric key). If that's the case, a plaintext attack etc. is going to be pretty hard, because the only thing the key is used for is encrypting a large random number. I think that's actually pretty safe (signing is after all encrypting the result of a hash function), but no doubt more experienced cryptographers can comment. -- Alex Bligh _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
