getting rid of blowfishes (was Re: Windoze PGP Compatability)
Andreas Schamanek
Andreas.Schamanek@univie.ac.at
Tue, 25 Apr 2000 19:10:04 +0200 (MEST)
On Mon, 24 Apr 2000, L. Sassaman wrote:
> > On Mon, 24 Apr 2000, L. Sassaman wrote:
> >
> > > Also, disabling blowfish altogether is probably a good idea.
>
> Because it isn't as well reviewed as 3DES, well respected as CAST5 or
> IDEA, or as fast as Twofish. It's not supported by PGP for these reasons,
> and using it will cause potential problems if you intend to be able to use
> a GnuPG generated keypair with PGP.
Actually, I like blowfishes (I mean the fish) but I understand that
there are better alternatives when dealing with encryption.
How can I move from the default BLOWFISH to some other cipher? Since my
key is encrypted with BLOWFISH I can't just disable it, can I?
I thought the trick is to remove the password, export the keys and
import them again with BLOWFISH disabled. But when I try to reprotect my
secret key GnuPG says
gpg: protect_secret_key failed: unknown cipher algorithm
Probably, I misunderstood some basics. Any clarification appreciated.
Last question: If we should avoid BLOWFISH what cipher should we use?
I know that this question cannot be dealt with in detail here. But maybe
somebody can write a short note about her or his preferences (without
being flamed by others ;) from an average user's point of view.
The alternatives so far are: 3DES, CAST5 and TWOFISH.
Regards,
-- Andreas