If the attacker has access to the 20 encrypted versions, is the decryption time lower? In this exact scenario, is the encryption breakable?
No it isn't lower, and no encryption won't be breakable any more than a single ciphertext.
The command gpg -c
will use an iterated and salted string-to-key function by default (tested using gpg (GnuPG) 2.2.19).
Following is generated using the pgpdump
command line tool after I encrypted a small text file using gpg -c
:
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
New version(4)
Sym alg - AES with 256-bit key(sym 9)
Iterated and salted string-to-key(s2k 3):
Hash alg - SHA1(hash 2)
Salt - bc da bd be 72 43 43 8a
Count - 65011712(coded count 255)
New: Symmetrically Encrypted and MDC Packet(tag 18)(90 bytes)
Ver 1
Encrypted data [sym alg is specified in sym-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
A string-to-key function is known as a Password Based Key Derivation Function or PBKDF.
The random 64 bit salt is combined with the password to generate a new secret value, which will be used to perform the encryption. As each key is generated using a different input, and since PBKDF's are not invertible the encryption keys do not provide any attack vector. Information about one key doesn't give any information about the other keys that were generated.
The actual encryption keys may as well have been generated by a secure random number generator - as long as the attacker doesn't find the password. But searching for the password isn't sped up at all compared to a single ciphertext.