[jp] Tips for encrypting strategies?

Ralph Alvy ralph at ralphalvy.com
Thu Nov 23 23:14:37 EST 2006

Jochen Hoenicke wrote:
> 2006/11/22, Ralph Alvy <ralph at ralphalvy.com>:
>> I use Keyring and Note Studio for my encrypted notes that have critical
>> data. Note Studio is supposed to have quite strong encryption:
>> "Note Studio uses a form of encryption called 3-Way Encryption. This is
>> a very secure encryption. There is no known, practical way to crack this
>> encryption. A mathematical method of breaking 3-way encryption has been
>> proposed, but this method required a bank of super computers and a long
>> time (years)."
>> I've always wondered how strong Keyring encryption is. Anyone know?
> As a co-author of Keyring I know it, of course.  The details are on the homepage
> http://gnukeyring.sf.net/crypto.html
> In short, keyring-1.2.3 uses triple des (to be more exact 2-TDES in
> ECB mode).  It has a key length of 112-bits. According to wikipedia
> there are "certain chosen-plaintext or known-plaintext attacks and
> thus it is officially designated to have only 80-bits of security". It
> is probably not feasible, as it requires too much known-plaintext,
> though.
> 3-way has 96-bits key-length.  There is a related key cryptanalysis,
> but this is probably not feasible for this application.
> Both methods cannot be broken even by the current computing power
> (e.g. distributed.net) within the next decade (even considering
> Moore's Law).
> As always, it is not as simple as this.  You also have to consider how
> the encryption key is generated from password, which encryption mode
> you use (block ciphers always have ECB,CBC,OFB and CFB modes), and how
> the IV is generated. Also the security provided by the encryption
> cannot be better than your password. Furthermore, data may be leaked
> by operating system or by a trojan application, there are side-channel
> attacks, e.g. if you use keyring very much, some characters may be
> permanently scratched into the Graffiti area.
> The keyring-2.0 pre-release has stronger encryption using full 3-TDES
> or AES with 128-256 bits (at user's choice) and better encryption key
> generation.  However, this release is not supported by jpilot, yet.

Very helpful. The chart on that web page was even more helpful.

More information about the Jpilot mailing list