Question
I have some job related files I have already compressed with 7Z.
I have protected each with good 10-character passwords consisting of upper and lower case letters, numbers and special characters.
And I have enabled header encryption of the filenames.
I am not yet concerned about the physical security of my system or side channel attacks, but I have heard that GPUs are getting faster at bruteforcing even complex passwords.
Another lesser concern is that the implementation of AES in 7Z might be vulnerable.
But what if I encrypt the files with another symmetric cipher?
My theory is that such a setup keeps me secure even if an adversary succeeds in bruteforcing the outer envelope or exploits a weakness in 7Z's implementation of AES.
What's your take on the following method:
7za a -p -mhe myarchive.7z myfiles
gpg --output myarchive.pgp --symmetric myarchive.7z
I have read about meet-in-the-middle attacks, but as far as I understand the risk, it's only an issue if the adversary is able to reduce the key space by trying to decrypt key1 and key2 simultaneously.
But will this be an issue if the outer envelope doesn't give any clues as to how the next layer is encrypted?
Explanation / Answer
Using a second layer of symmetric encryption prevents the secret data from being revealed if only a single layer is broken.
However, I don't think this is the smartest way to counter potential massive GPU brute-forcing attacks - what actually helps against them are three things:
ensure the password is recursively hashed multiple times, as often as possible to not make the encryption scheme impossible. This considerably slows down brute force attacks.
PBKDF2 provides all of the above features, but scrypt (which I would recommend over the other if you are that concerned over the security of your data) adds the additional one:
So, I would look out for a good (read: used by others already with good reviews) open/free source implementation of an encryption program using scrypt. AFAIR GnuPG only supports PBKDF2, which is pretty good, but not as good as scrypt, which is its main deficiency.
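The effect of key stretching described in the answer can be measured directly. The following is an added example, not part of the original answer: it times one password guess under an unstretched hash, PBKDF2 and scrypt using Python's hashlib, then scales that to the full 10-character search space from the question. The 95-symbol alphabet, the PBKDF2 iteration count, the scrypt parameters and the 10,000 parallel workers are assumptions chosen for illustration.

```python
import hashlib
import os
import time

ALPHABET = 95      # printable ASCII symbols (assumed password alphabet)
LENGTH = 10        # password length given in the question

def derive_pbkdf2(password, salt, iterations=600_000):
    """Iterated hashing: cost grows linearly with the iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def derive_scrypt(password, salt, n=2**14, r=8, p=1):
    """scrypt: CPU cost plus a large memory buffer for every single guess."""
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=32)

def scrypt_memory_bytes(n, r):
    """Approximate working memory scrypt needs per derivation (128 * N * r)."""
    return 128 * n * r

def seconds_per_guess(kdf, runs=3):
    """Best-of-N wall-clock time for one key derivation on this machine."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        kdf(b"constructed-sample-pw", salt)   # constructed sample password
        best = min(best, time.perf_counter() - start)
    return best

def years_to_exhaust(sec_per_guess, workers=1):
    """Time to try every LENGTH-character password at the measured rate."""
    return ALPHABET ** LENGTH * sec_per_guess / workers / (365 * 24 * 3600)

if __name__ == "__main__":
    # Unstretched baseline: one salted hash per guess.
    fast = lambda pw, salt: hashlib.sha256(salt + pw).digest()
    candidates = [("single SHA-256", fast),
                  ("PBKDF2 600k", derive_pbkdf2),
                  ("scrypt N=2^14", derive_scrypt)]
    for name, kdf in candidates:
        t = seconds_per_guess(kdf)
        years = years_to_exhaust(t, workers=10_000)  # assumed worker count
        print(f"{name:15s} {t * 1e3:10.4f} ms/guess  {years:.3e} years")
    print("scrypt memory per guess:", scrypt_memory_bytes(2**14, 8) // 2**20, "MiB")
```

The timings are for this machine's CPU only; dedicated cracking hardware will be faster per guess, so read the output as a ratio between the three schemes and not as an absolute lifetime for the password.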