Question about mangling of passphrases
Sat Mar 16 01:03:01 2002
Hello GnuPG Users!
I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit
The problem I see is as follows:
When someone uses symmetric only encryption GnuPG prompts for a
This passphrase is then hashed with an algorithm like RIPE-MD160 (whis
is the default)
into a 160 Bit hash value.
This 160 Bit hash value (or part of it) is then used as a key for a
like BLOWFISH (whis has a key length of 128 Bit, so I assume the least
128 Bits of the hash value are being used).
But what happens if someone uses a cypher with a key length of more than
(e.g. 256 Bit) ?
The hash value is too small to be used as the key for those cyphers.
So how does GnuPG mangle the passphrase to yield a key with e.g. 256 Bit
Does anyone have an answer to that ?
GMX - Die Kommunikationsplattform im Internet.