Title: File Security Question Post by: c789 on June 15, 2015, 05:39:20 AM Let's say I have several wallet.dat files in a 2MB TrueCrypt vault. I'm somewhat sketchy on TrueCrypt's security, so if I encrypted the TrueCrypt file itself with:
Code: gpg -c --cipher-algo AES256 trueCryptFile.file ...does that pretty much guarantee that my wallets can't be cracked?
My intentions are to upload the the gpg-encrypted TrueCrypt vault to several different servers over sftp. There is some risk of someone getting the encrypted file, one of which is because the servers are VPSs. Please, let's not get into whether or not TrueCrypt is safe. All I know is that questions were raised but nobody has definitively proven it to be unsafe. I just want to know how hard it would be for someone to crack my wallet files given these 3 levels of encryption. Title: Re: File Security Question Post by: Lauda on June 15, 2015, 09:38:00 AM The story with TrueCrypt is a bit of a mystery. It was allegedely safe and even recommended by Snowden until a certain point in time.
Read this (http://www.forbes.com/sites/runasandvik/2014/05/28/encryption-tool-endorsed-by-snowden-abruptly-shuts-down/) and this (http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/). AFAIK GPG encryption is very strong and it's usually the password that is the weakest link. Someone recommend using this: Code: gpg -c --force-mdc --s2k-mode 3 --s2k-count 65011712 personal.zip So it really depends on your password. It's not really about the length but the quality; Something like this: mypasswordis123andisveryweak (28 characters); is always going to be weaker than: i=4Ma(r*2sAm!@Hf2z4 (19). You should also read this (http://www.reddit.com/r/linux/comments/1l097o/gpg_encryption_strength/). Title: Re: File Security Question Post by: c789 on June 15, 2015, 02:12:28 PM Good tips - thanks, LaudaM.
|