On Sun, May 21, 2006 at 04:27:49PM -0500, chrisisbd@leary.csoft.net wrote:
> Why is it that *everything* uses some sort of public-key encryption algorithm for storing sensitive data? It's stupid!
> OK, it's brilliantly useful for sending data across the internet and so on but for storing one's own sensitive data it is entirely pointless as far as I can see.
> For example if I want to store a file with some sensitive data in it and only want to be able to decrypt it myself then surely anything *but* a public key encryption algorithm makes sense. Essentially a public key algorithm means that there is always a brute force way of getting at the data, it may take more computing power/time than is available but it is in principle possible. Other ways of encrypting can be made essentially uncrackable if you want.

Well, isn't it the case that with any form of encryption you're going to have to store either some meta data to be able to decrypt it (as in the case of gpg --symmetric, which needs no public key...), how does that make it any less easy to crack?
Just because it's called a "public key" doesn't mean that you have to expose it to the wild, if you're only using it yourself, then where's the problem? Anyway - what it boils down to is this, all encrypted data is essentially crackable, it's just the timescale involved. I'm not convinced that the timescale becomes any less insane for public key encryption as opposed to anything else. Of course, the safest encryption methods are immutable, it's a one-off shot, you can't get the data back. Oh, and guess what, that's crackable too, by feeding data through the same algorithm until you get a match. Takes some time, yeah, but then if you're doing that style encryption maybe you didn't like your data after all?

> Are there any encryption experts here who can persuade me that I'm being silly?

Not an expert, but I'd say that a 2048 bit pgp public key encrypted file would take "quite some time" to decrypt without being given the secret key, and generating the secret key would take "rather a while" from just the data that you can get from things encrypted using the public key.
Cheers, Brett.