getting rid of blowfishes (was Re: Windoze PGP Compatability)

Andreas Schamanek
Tue, 25 Apr 2000 19:10:04 +0200 (MEST)

On Mon, 24 Apr 2000, L. Sassaman wrote:

> > On Mon, 24 Apr 2000, L. Sassaman wrote:
> >
> > > Also, disabling blowfish altogether is probably a good idea.
> Because it isn't as well reviewed as 3DES, well respected as CAST5 or
> IDEA, or as fast as Twofish. It's not supported by PGP for these reasons,
> and using it will cause potential problems if you intend to be able to use
> a GnuPG generated keypair with PGP.
Actually, I like blowfishes (I mean the fish) but I understand that there are better alternatives when dealing with encryption. How can I move from the default BLOWFISH to some other cipher? Since my key is encrypted with BLOWFISH I can't just disable it, can I? I thought the trick is to remove the password, export the keys and import them again with BLOWFISH disabled. But when I try to reprotect my secret key GnuPG says gpg: protect_secret_key failed: unknown cipher algorithm Probably, I misunderstood some basics. Any clarification appreciated. Last question: If we should avoid BLOWFISH what cipher should we use? I know that this question cannot be dealt with in detail here. But maybe somebody can write a short note about her or his preferences (without being flamed by others ;) from an average user's point of view. The alternatives so far are: 3DES, CAST5 and TWOFISH. Regards, -- Andreas