Open FiloSottile opened 2 years ago
This is a little awkward for me because just yesterday I was experimenting with using securely-generated long random passphrases with a minimal work factor to speed up decryption. (I'm storing age-encrypted files on a remote file host that I don't want to trust plaintexts to, and I'm using a reverse HTTP proxy that transparently decrypts the files while fetching them, similar to https://github.com/str4d/rage/pull/233. Recipient-based encryption would have mostly worked for my use-case, but I prioritized passphrase-based because of long-term quantum resistance, and partly because it verifies the files as coming from me, but for that maybe it'd be better if I was using some kind of asymmetric signing outside of age so that the signing is done by a key of mine that the reader program doesn't have.)
It would help my use-case if there's a way to opt out in the CLI from the enforced minimum work factor during decryption, or if there was some other supported way to do symmetric encryption within age that didn't involve work factors (like symmetric key file support or some kind of plugin support that could implement symmetric key files; is this already supported?).
(I was considering making a feature request that files encrypted with an autogenerated passphrase should have a minimal work factor by default because a high work factor seems unnecessary in that case, but then I realized it would awkwardly mean that files with a high work factor are announcing themselves as having weak passphrases.)
@Macil thank you for all the details about the use case, this is really helpful in setting direction.
Here is some stuff we are working on that will probably help address your use case:
Defaulting autogenerated passphrases to a low work factor is an interesting thought, but I think you might be right that it's not worth the unexpected privacy leak and the complexity.
Discussed in https://github.com/FiloSottile/age/discussions/413