Pages:
Author

Topic: GnuPG versus TrueCrypt - page 4. (Read 28803 times)

hero member
Activity: 588
Merit: 500
June 13, 2011, 09:16:36 AM
#30
You do not have to print your encrypted file and scan it in later. However, plain paper is the most durable medium available for long-term data storage, so it will be useful in some circumstances.
member
Activity: 115
Merit: 11
I like long walks on the beach, shaving my head...
June 13, 2011, 09:05:32 AM
#29
Oh my but I must lament once again how horrible this wallet problem is! Bitcoin's reputation is going to get creamed in the media until this is solved. You brilliant tech heads have a monster by the tail. So now let me slog through one of your opaque posts here, parsing and probing to uncover the nugget of truth for the uninitiated (like ME) to put to use...


How to use GPG?

Code:
gpg --compress-algo BZIP2 --bzip2-compress-level 9 --encrypt -a -o text_crypt_wallet.txt wallet.dat

This will compress and then encrypt your wallet using your private GPG key.

Whoa there! I have used gpg in thunderbird to encrypt email but using it in my operating system is new to me because for one thing, at what point did I generate a key pair? Where is this private key?  Another observation is that though you criticize truecrypt, at least it has a visual interface instead of this command line shit. Sorry if this offends...

The -a flag tells gpg to give you ascii-armored (printable) output. The -o flag tells gpg to name the output file "text_crypt_wallet.txt". You can then print this out. The file will look something like this:
.
.
.
Make sure the font is OCR-readable (http://en.wikipedia.org/wiki/Optical_character_recognition) and large enough to avoid scanning and transcription errors. Also, make sure to keep track of page numbers.

If you don't have a GPG key,

Whoa there!  What do you mean?  Why would I just happen to HAVE a GPG key?  Where would it come from? But not having to mess with keypairs is an advantage anyway.


To recover the wallet, you can scan the document and OCR it to a file. Then decrypt it:

Code:
gpg --decrypt -o wallet.dat scanned_text_file.txt

So I now need to scan a printout with character recognition software....you truly live in a different world than most people. No offense you brilliant tech head but this situation is terrible.
sr. member
Activity: 350
Merit: 251
June 13, 2011, 08:53:17 AM
#28
aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.

I have only used gpg4win via cmd.exe. No problems for me. Running windows is another issue altogether...

Of course, use whatever tools you are most comfortable with. Just realize that not all crypto is created equal. Caveat emptor. When wallets start holding tens of thousands of dollars worth of BTC, I would not trust an archiver.

when the stakes are that high i would not either.

i would have all my coins split into 3 separate wallets on 3 separate servers on 3 separate continents.
sr. member
Activity: 252
Merit: 250
June 13, 2011, 08:43:32 AM
#27
aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.

I have only used gpg4win via cmd.exe. No problems for me. Running windows is another issue altogether...

Of course, use whatever tools you are most comfortable with. Just realize that not all crypto is created equal. Caveat emptor. When wallets start holding tens of thousands of dollars worth of BTC, I would not trust an archiver.
sr. member
Activity: 252
Merit: 250
June 13, 2011, 08:38:44 AM
#26

What exactly did you test? Why should an attacker try to decrypt the 7zip-file to get the password? There are certainly better ways!
Bruteforce cracking. 5 chars alphanumeric passwords.

This is trivial to bruteforce (~1.0e8 possibilities). Get yourself a longer password.
full member
Activity: 168
Merit: 103
June 13, 2011, 08:33:06 AM
#25
Bruteforce cracking. 5 chars alphanumeric passwords.

There are several ways of brute force cracking. Did you call the 7z-extractor for each password? No attacker would do that!

Have you tried this?
http://sourceforge.net/projects/sevenzcracker/files/
or this?
http://sourceforge.net/projects/rarcrack/files/rarcrack-0.2/%5BUnnamed%20release%5D/

Send me an archive with 5 alphanumeric characters, I could crack it today! (Somebody who would put some effort in writing his own 7zip-tools would be much faster.)
legendary
Activity: 1442
Merit: 1005
June 13, 2011, 08:30:18 AM
#24
whats wrong with 7zip and use a password with a .7z archive?
Nothing. As long as you use AES-256 and encrypt the file listing too.

It's not enough to use AES256, you have to use it without flaws.
I have tried to crack one of my passwords on a 7-zip container just for fun. I had a 3 keys/second generation performance for a 5000 MIPS CPU. Even a 5 chars password would take 20 years to crack my that CPU. Since you could use GPUs, you could lower that to maybe 2 months? Just to break a wallet. I suppose it should have more than 50 BTC to be worth it...

Use a sufficiently long password and you should be ok for now. It's an easy method of saving your wallet as it doesn't require you to store keys and whatnot.

What exactly did you test? Why should an attacker try to decrypt the 7zip-file to get the password? There are certainly better ways!
Bruteforce cracking. 5 chars alphanumeric passwords.
full member
Activity: 168
Merit: 103
June 13, 2011, 08:21:09 AM
#23
I wasn't aware of that, I have had no Windows for years now.

7zip seems to use AES256, that may be ok. But you have to choose a strong password, the 5 characters, that somebody suggested, are way too small. I am talking about 12 or more charakters, which are from different types and are not corresponding with dictionary words or keyboard patterns.
sr. member
Activity: 350
Merit: 251
June 13, 2011, 08:17:20 AM
#22
aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.

there's nothing i hate more than good software that crashes.
sr. member
Activity: 420
Merit: 250
June 13, 2011, 08:13:35 AM
#21
aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.
sr. member
Activity: 350
Merit: 251
June 13, 2011, 08:10:50 AM
#20
whats wrong with 7zip and use a password with a .7z archive?

I wouldn't trust a tool originally designed for compressing data to safely encrypt data. GPG exists for protecting data. Also, PGP has been around for a long time. It is well-understood and has been reviewed for flaws. It is also far more flexible than things like encrypted zip/7zip files.

Encryption is hard to properly implement. GPG has earned quite a bit of trust in the community for a reason.

it would be nice if you said why 7zip is no good, pgp was designed to send data securely, so using it for personal secure storage seems redundant to me. the only use i see pgp for is sending a file to someone else to prevent interception both ways, in this case 7zip would be no good unless the password was given in person, but pgp is good because its like sending an unlocked padlock for the other person to...wait you all probably know this story.

GPG does also provide encryption of files with symmetric algorithms and passwords. You don't have to use public key crypto for that application.

Then why use GPG if you end up only needing a password.

You can use it with or without a public/private key pair. You can use it for files, emails, digital signatures, etc. It is a more flexible tool which you are almost certainly going to need anyways to take full advantage of the bitcoin economy. It also works reliably across basically all platforms.

OpenPGP is a real standard, which stipulates not only the ciphers (AES128, AES256, etc) but also the modes (ECB, CBC, etc). There is no RFC standard for the crypto in tools like 7zip. The way the ciphers are implemented is as important as the cipher itself. Like I said above, there is a reason why GnuPG is such a highly-regarded encryption suite.

7zip is just not a tool designed for encryption. GPG is.

i use windows, and gpg is mostly Linux, i did get it to work when i was using it a month or so back, but it generally was an unstable piece of software, it crashed often when certain functions were used, it was not my machine either because i used it inside a VM as well. 7zip on the other hand work flawlessly and decompresses almost all archive types. and you also have to take into account for how long the data needs to be kept safe.  even if it is only good for a month, its still good enough because i don't have the same wallet for that long. in the case of bitcoin you have another factor as well, the keys used for the wallet may actually be less secure or take less time to crack than the encryption on the wallet.
full member
Activity: 168
Merit: 103
June 13, 2011, 08:06:10 AM
#19
whats wrong with 7zip and use a password with a .7z archive?
Nothing. As long as you use AES-256 and encrypt the file listing too.

It's not enough to use AES256, you have to use it without flaws.
I have tried to crack one of my passwords on a 7-zip container just for fun. I had a 3 keys/second generation performance for a 5000 MIPS CPU. Even a 5 chars password would take 20 years to crack my that CPU. Since you could use GPUs, you could lower that to maybe 2 months? Just to break a wallet. I suppose it should have more than 50 BTC to be worth it...

Use a sufficiently long password and you should be ok for now. It's an easy method of saving your wallet as it doesn't require you to store keys and whatnot.

What exactly did you test? Why should an attacker try to decrypt the 7zip-file to get the password? There are certainly better ways!
sr. member
Activity: 252
Merit: 250
June 13, 2011, 07:53:37 AM
#18
whats wrong with 7zip and use a password with a .7z archive?

I wouldn't trust a tool originally designed for compressing data to safely encrypt data. GPG exists for protecting data. Also, PGP has been around for a long time. It is well-understood and has been reviewed for flaws. It is also far more flexible than things like encrypted zip/7zip files.

Encryption is hard to properly implement. GPG has earned quite a bit of trust in the community for a reason.

it would be nice if you said why 7zip is no good, pgp was designed to send data securely, so using it for personal secure storage seems redundant to me. the only use i see pgp for is sending a file to someone else to prevent interception both ways, in this case 7zip would be no good unless the password was given in person, but pgp is good because its like sending an unlocked padlock for the other person to...wait you all probably know this story.

GPG does also provide encryption of files with symmetric algorithms and passwords. You don't have to use public key crypto for that application.

Then why use GPG if you end up only needing a password.

You can use it with or without a public/private key pair. You can use it for files, emails, digital signatures, etc. It is a more flexible tool which you are almost certainly going to need anyways to take full advantage of the bitcoin economy. It also works reliably across basically all platforms.

OpenPGP is a real standard, which stipulates not only the ciphers (AES128, AES256, etc) but also the modes (ECB, CBC, etc). There is no RFC standard for the crypto in tools like 7zip. The way the ciphers are implemented is as important as the cipher itself. Like I said above, there is a reason why GnuPG is such a highly-regarded encryption suite.

7zip is just not a tool designed for encryption. GPG is.
legendary
Activity: 1442
Merit: 1005
June 13, 2011, 07:52:44 AM
#17
whats wrong with 7zip and use a password with a .7z archive?
Nothing. As long as you use AES-256 and encrypt the file listing too.

It's not enough to use AES256, you have to use it without flaws.
I have tried to crack one of my passwords on a 7-zip container just for fun. I had a 3 keys/second generation performance for a 5000 MIPS CPU. Even a 5 chars password would take 20 years to crack my that CPU. Since you could use GPUs, you could lower that to maybe 2 months? Just to break a wallet. I suppose it should have more than 50 BTC to be worth it...

Use a sufficiently long password and you should be ok for now. It's an easy method of saving your wallet as it doesn't require you to store keys and whatnot.
full member
Activity: 168
Merit: 103
June 13, 2011, 07:48:07 AM
#16
whats wrong with 7zip and use a password with a .7z archive?

I wouldn't trust a tool originally designed for compressing data to safely encrypt data. GPG exists for protecting data. Also, PGP has been around for a long time. It is well-understood and has been reviewed for flaws. It is also far more flexible than things like encrypted zip/7zip files.

Encryption is hard to properly implement. GPG has earned quite a bit of trust in the community for a reason.

it would be nice if you said why 7zip is no good, pgp was designed to send data securely, so using it for personal secure storage seems redundant to me. the only use i see pgp for is sending a file to someone else to prevent interception both ways, in this case 7zip would be no good unless the password was given in person, but pgp is good because its like sending an unlocked padlock for the other person to...wait you all probably know this story.

GPG does also provide encryption of files with symmetric algorithms and passwords. You don't have to use public key crypto for that application.

Then why use GPG if you end up only needing a password.

Because it is known to use well known algorithms properly, and it is way simpler (by this I mean how it works, not only how to use it) than TrueCrypt.* Read the OP, please.
sr. member
Activity: 350
Merit: 251
June 13, 2011, 07:42:32 AM
#15
whats wrong with 7zip and use a password with a .7z archive?

I wouldn't trust a tool originally designed for compressing data to safely encrypt data. GPG exists for protecting data. Also, PGP has been around for a long time. It is well-understood and has been reviewed for flaws. It is also far more flexible than things like encrypted zip/7zip files.

Encryption is hard to properly implement. GPG has earned quite a bit of trust in the community for a reason.

it would be nice if you said why 7zip is no good, pgp was designed to send data securely, so using it for personal secure storage seems redundant to me. the only use i see pgp for is sending a file to someone else to prevent interception both ways, in this case 7zip would be no good unless the password was given in person, but pgp is good because its like sending an unlocked padlock for the other person to...wait you all probably know this story.

GPG does also provide encryption of files with symmetric algorithms and passwords. You don't have to use public key crypto for that application.

Then why use GPG if you end up only needing a password.
full member
Activity: 168
Merit: 103
June 13, 2011, 07:36:05 AM
#14
whats wrong with 7zip and use a password with a .7z archive?

I wouldn't trust a tool originally designed for compressing data to safely encrypt data. GPG exists for protecting data. Also, PGP has been around for a long time. It is well-understood and has been reviewed for flaws. It is also far more flexible than things like encrypted zip/7zip files.

Encryption is hard to properly implement. GPG has earned quite a bit of trust in the community for a reason.

it would be nice if you said why 7zip is no good, pgp was designed to send data securely, so using it for personal secure storage seems redundant to me. the only use i see pgp for is sending a file to someone else to prevent interception both ways, in this case 7zip would be no good unless the password was given in person, but pgp is good because its like sending an unlocked padlock for the other person to...wait you all probably know this story.

GPG does also provide encryption of files with symmetric algorithms and passwords. You don't have to use public key crypto for that application.
hero member
Activity: 504
Merit: 502
June 13, 2011, 07:35:50 AM
#13
While we're on this subject; here's the script I call from a cron job, in case it is of use to others...

Code:
#!/bin/sh

DATESTAMP="$(date +%Y%m%d)"
TEMPWALLET="$(mktemp)"
WALLET_E="${HOME}/bitcoinwallet-$DATESTAMP.dat.gpg"

if [ -e "${WALLET_E}" ]; then
    echo "$WALLET_E already exists"
    exit 1
fi

echo " - Obtaining wallet from bitcoin server to ${TEMPWALLET}"
bitcoind backupwallet "${TEMPWALLET}"

# check for failure
if [ ! -e "${TEMPWALLET}" ]; then
    echo "Server didn't create the requested backup"
    exit 2
fi

echo " - Encrypting wallet $(md5sum ${TEMPWALLET})to ${WALLET_E}"
gpg --output "${WALLET_E}" --encrypt "${TEMPWALLET}"

echo "Removing temporary plain text copy of wallet"
rm -f "${TEMPWALLET}"

It's not ideal because of the use of a temporary; but I don't know a way of getting bitcoind to dump to standard out.
sr. member
Activity: 350
Merit: 251
June 13, 2011, 07:33:41 AM
#12
whats wrong with 7zip and use a password with a .7z archive?

I wouldn't trust a tool originally designed for compressing data to safely encrypt data. GPG exists for protecting data. Also, PGP has been around for a long time. It is well-understood and has been reviewed for flaws. It is also far more flexible than things like encrypted zip/7zip files.

Encryption is hard to properly implement. GPG has earned quite a bit of trust in the community for a reason.

it would be nice if you said why 7zip is no good, pgp was designed to send data securely, so using it for personal secure storage seems redundant to me. the only use i see pgp for is sending a file to someone else to prevent interception both ways, in this case 7zip would be no good unless the password was given in person, but pgp is good because its like sending an unlocked padlock for the other person to...wait you all probably know this story.
full member
Activity: 168
Merit: 103
June 13, 2011, 07:30:59 AM
#11
whats wrong with 7zip and use a password with a .7z archive?
Nothing. As long as you use AES-256 and encrypt the file listing too.

It's not enough to use AES256, you have to use it without flaws.
Pages:
Jump to: