[Cryptography] how to encrypt for the very long term?
Christoph Anton Mitterer
calestyo at scientia.net
Mon Jul 30 08:18:12 EDT 2018
Hey.
Thanks for your replies so far,... but I think this goes in a
completely wrong direction ;-)
I'm fully aware that only OTP is theoretically fully secure... I was
still talking here about crypto which is practicably usable... also
things like forgetting password goes beyond the scope of the question.
May main point was that e.g. gpg supports only a limited set of
algorithms (e.g. AES, CAMELLIA, TWOFISH) ... and especially it seems
there is no modern key derivation function available, even with the
maximum number of s2k iteration it goes pretty fast.
So what I'd have been looking for was a program which does proper file
encryption,... but supports additionally e.g. SERPENT and Argon2*.
Especially not just some home-brew script using somthing like python-
cryptography,... but something which does everything really properly
(starting from nonce generation, up to padding, etc. pp.)
So far my best solution would be actually to use cryptsetup, which
seems to support all of these (AES, SERPENT, PBKDF2, Argon2*)... yes I
know it's for disk encryption, but since my backup slices would be all
of the same size, I could rather easily just write the file as is
(without any filesystem) into the dmcrypt block device.
Cheers,
Chris.
More information about the cryptography
mailing list