[SOLVED] How secure is GPG?

[Rytron]

How secure is GPG? Is it Hardware proof & US DoD standard?

I refer to using GPG in this way and not with public keys(haven't figured out yet public keys):

Code:

gpg -c filename

Any ideas welcome. Thanks.

[F4l3]

In every case you create and use public keys .

Actually GPG have never been broken and is an asymmetric cryptation system.
Right now is impossible to say how much is secure, and this will be until someone will be able to break it. If you want be more sure, you can create longher keys (ie 2048).

[Dr Small]

If you are still interested, stop by and read my Beginners Guide to GnuPG:
http://ubuntuforums.org/showthread.php?t=680292

[kevdog]

GPG can work with asymmetric and symmetric keys. Symmetric keys are otherwise known as a password -- ie gpg can use a symmetric cipher to encrypt a file and later decrypt the file use the same password. GPG with the use of asymmetric keys (the GPG use most people think of) actually uses a combination of asymmetric and symmetric methods. The asymmetric key is used to encrypt a randomly generated session key. The session key on the otherhand is the password, used for the symmetric encrypting of the contents of the email, file, etc. With decryption, the other private encryption key decrypts the session key, which in turn decrypts the letter,file contents.

How secure is GnuPG? Who really knows? Only the NSA knows for sure -- and you think they would tell us? By best accounts from the world's leading mathematicians however, the algorithms used with GnuPG today would take the best computer, many years to break (if at all). Again however, the downside of gnupg, is the loss of the password, or private keys. Its much easier for a rogue per se to do something to obtain the keys through subversive another process, than break the underlying algorithm. This topic has been brought up many times on the gnupg mailing list!

[AndyCee]

GPG, replaces PGP.

How good?
By definition: "Pretty Good".

But Kevdog, isn't GPG open-source? Why do you say "Only the NSA knows"?

[Dr Small]

GPG, replaces PGP.

How good?
By definition: "Pretty Good".

But Kevdog, isn't GPG open-source? Why do you say "Only the NSA knows"?

I thought I read somewhere awhile back that it is possible that the NSA has a backdoor in GPG 1.5

[kevdog]

GnuPG is open source, PGP is not. GnuPG did not replace PGP, PGP is very much alive: http://www.pgp.com/. Both adhere to the OpenPGP standard (which is a minimum). Both however do things differently by choosing different default algorithms, hashes, etc. plus additional added features not specified by the OpenGPG standard.

If the NSA does have a backdoor in Gnupg 1.5 that would be the first I know about it. Its possible, however the code is after all opensource. By meaning a backdoor, could you be more specific? I've never heard Werner Koch address these rumors. If you know a link I'll post the question on the gpg mailing list (and likely be taken to task by Robert Hansen --- however its always fun to bring up controversy!)

[Dr Small]

I probably read about it on Slashdot awhile back (like that means anything...). I can't find any links to it, so it was probably just a rumor I read anyhow.

[kevdog]

Not that this is the best source -- I found it like the 4th link on Google: http://www.wilderssecurity.com/showthread.php?t=199105

Its apparently related to PGP -- whole disk encryption -- and is really second or backup password. I'm not sure this counts as a backdoor, but some find it objectionable.

Again GnuPG has no such mechanism.

[abiallan007]

Use public keys every where