Compatibility

Fri, 14 Apr 2000 02:23:16 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 14 Apr 2000, Werner Koch wrote:

> On Thu, 13 Apr 2000, John Saylor wrote:

> 

> > It's a long story. Blowfish is a fast and secure [so far]

> > algorithm. You'd have to ask NAI why they don't implement it.

> 

> For encryption it is relly simple:  If you encrypt for a key, an

> OpenPGP implemenation does an intersection between the list of

> algorithm it implements and the ones foun in the key of the recipient.

> This intersection will never be empty becuase 3DES is implicty

> available.

> 

> So, if you created a key with a preference including Blowfish, any

> OpenPGP implemenation may decide to use Blowfish for encryption.

Remember, though, that creating a key with the preferences of one OpenPGP
implementation may cause you some trouble if you then use that key with an
OpenPGP implementation that doesn't support some of those ciphers you had
specified as accepted in the key.

And example: Key is generated with GnuPG. Blowfish is preferred. Key is
then moved to system using PGP. Public key is given to someone using
GnuPG. Message is sent, using Blowfish (on account of the prefs). The
recipient cannot view the message, because PGP doesn't have Blowfish.

This seems to be a FAQ on this and the PGP-Users lists.

As it doesn't look like Blowfish is going to be implemented in PGP, I'd
like to see GnuPG give the option to exclude it from the preferences when
keys are generated in GnuPG.

- --Len.

__

L. Sassaman

System Administrator                |  "All of the chaos
Technology Consultant               |   Makes perfect sense..."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |              --Joe Diffie