L. Sassaman
Fri, 14 Apr 2000 02:23:16 -0700 (PDT)

Hash: SHA1

On Fri, 14 Apr 2000, Werner Koch wrote:

> On Thu, 13 Apr 2000, John Saylor wrote:
> > It's a long story. Blowfish is a fast and secure [so far]
> > algorithm. You'd have to ask NAI why they don't implement it.
> For encryption it is relly simple: If you encrypt for a key, an
> OpenPGP implemenation does an intersection between the list of
> algorithm it implements and the ones foun in the key of the recipient.
> This intersection will never be empty becuase 3DES is implicty
> available.
> So, if you created a key with a preference including Blowfish, any
> OpenPGP implemenation may decide to use Blowfish for encryption.
Remember, though, that creating a key with the preferences of one OpenPGP implementation may cause you some trouble if you then use that key with an OpenPGP implementation that doesn't support some of those ciphers you had specified as accepted in the key. And example: Key is generated with GnuPG. Blowfish is preferred. Key is then moved to system using PGP. Public key is given to someone using GnuPG. Message is sent, using Blowfish (on account of the prefs). The recipient cannot view the message, because PGP doesn't have Blowfish. This seems to be a FAQ on this and the PGP-Users lists. As it doesn't look like Blowfish is going to be implemented in PGP, I'd like to see GnuPG give the option to exclude it from the preferences when keys are generated in GnuPG. - --Len. __ L. Sassaman System Administrator | "All of the chaos Technology Consultant | Makes perfect sense..." icq.. 10735603 | pgp.. finger:// | --Joe Diffie -----BEGIN PGP SIGNATURE----- Comment: For info see iEYEARECAAYFAjj2440ACgkQPYrxsgmsCmqPXACeKsSMKXuUhxNXoN48R6Z6v/f5 DC0AoK3b9f4aYzkLdO0e+PVrzeSuwC5S =n9zV -----END PGP SIGNATURE-----