>Personal backup encryption with a long-lived key, passphrase-protected private key, and offline ...

stackghost • yesterday at 4:29 AM • 1 reply • view on HN

>Personal backup encryption with a long-lived key, passphrase-protected private key, and offline storage is a legitimate threat model

... If you're going to use a passphrase anyway why not just use a symmetric cipher?

In fact for file storage why not use an encrypted disk volume so you don't need to use PGP?

Replies

johnisgood • yesterday at 7:57 AM

That was just me being goofy in that bit (and only that), but I hope the rest of my message went across. :)

> In fact for file storage why not use an encrypted disk volume so you don't need to use PGP?

Different threat models. Disk encryption (LUKS, VeraCrypt, plain dm-crypt) protects against physical theft. Once mounted, everything is plaintext to any process with access. File-level encryption protects files at rest and in transit: backups to untrusted storage, sharing with specific recipients, storing on systems you do not fully control. You cannot send someone a LUKS volume to decrypt one file, and backups of a mounted encrypted volume are plaintext unless you add another layer.

➕ show 1 reply

alt Hacker News

Replies