On a scale of 1-10 how secure do you thing a pgp encrypted file be stored in ipfs?
If it’s encrypted, that should be quite safe. But I think you have an misunderstanding on “stored” in IPFS. If you are the only one who knows the file then no one will host/store/cache this file for you in IPFS network.
since using IPFS I have seen some things get cached or pinned in other gateways and kinda figured this type of service will show up later in IPFS when filecoin comes out. Just wondered about the security part and wanted to get some opinions or ideas from the group.
I think the answer is that the file would be about as secure as if it was stored anywhere else that someone could potentially access it (unless the IPFS nodes hosting the file are in a private swarm that you are in total control of). So pretty good :), but not invulnerable to a motivated attacker using methods like rubber-hose or black-bag cryptanalysis.
So it’s probably secure for now. It’s probably a good idea to assume that RSA or IDEA will be broken at some point in the future (years or decades from now?) so anyone with the encrypted version of the file might be able to see what’s in it.
In order for the public IPFS swarm to work, your node advertises to the swarm hashes that you can provide. Theoretically someone could be listening to all of this traffic and download everything it hears about.
If we think ahead and talk post-quantum cryptography, RSA & DSA are dead. Definitely. IDEA is symmetric afaik, i.e. it will only be weakened in quantum attacks, but since it uses a 128bit key, it won’t be that hard to crack. (Edit: same goes for the GPG default CAST5 cipher.) I don’t know too much about this stuff, but I think that using GPG/PGP with an AES-256 cipher or stronger should be OK even in a (still hypothetical) quantum world.
Side note: if IPFS is ever to implement an (optional) built-in encryption functionality for added content, the developers should make sure that the door stays open for stronger ciphers down the road.