getting rid of blowfishes (was Re: Windoze PGP Compatability)

Pierre-Henri SENESI Pierre-Henri.Senesi@taloa.unice.fr
Wed, 26 Apr 2000 14:06:37 +0200 

I am no more interrsetd in this list
I cannot unsubscribe by the normal ways
please unsubcribe me



L. Sassaman a écrit:

> 

> -----BEGIN PGP SIGNED MESSAGE-----

> Hash: SHA1

> 

> On Tue, 25 Apr 2000, Andreas Schamanek wrote:

> 

> > How can I move from the default BLOWFISH to some other cipher? Since my

> > key is encrypted with BLOWFISH I can't just disable it, can I?

> >

> > I thought the trick is to remove the password, export the keys and

> > import them again with BLOWFISH disabled. But when I try to reprotect my

> > secret key GnuPG says

> >

> >   gpg: protect_secret_key failed: unknown cipher algorithm

> >

> > Probably, I misunderstood some basics. Any clarification appreciated.

> 

> I *think*, that if you delete your self sigs, set --s2k-cipher-algo to be

> a differenyt cipher, --disable-cipher-algo BLOWFISH, re-self-sign the

> keys, export with no password, import, assign a password, you should be

> fine.

> 

> While you are at it, --disable-pubkey-algo ELG-S is another good

> precaution.

> 

> > Last question: If we should avoid BLOWFISH what cipher should we use?

> > I know that this question cannot be dealt with in detail here. But maybe

> > somebody can write a short note about her or his preferences (without

> > being flamed by others ;) from an average user's point of view.

> 

> 3DES is slow, but it is the most extensively reviewed, and it required to

> be in all OpenPGP products. IDEA and CAST5 are pretty well respected, are

> "SHOULDs" in the OpenPGP spec, and are faster than 3DES. IDEA has patent

> issues, and not all GnuPG users will have it enabled. So I would nix

> that. CAST5 is a good choice; fairly fast, fairly well respected (more so

> than Blowfish, not as trusted as 3DES).

> 

> Twofish is the fastest of all of these, and also the newest. PGP 6.x and

> before does not support it.

> 

> All versions of PGP greater than 1 support IDEA.

> 

> PGP 5.x and up, as well as GnuPG, support CAST5 and 3DES.

> 

> Take your pick...

> 

> > The alternatives so far are: 3DES, CAST5 and TWOFISH.

> >

> >

> > Regards,

> >

> > -- Andreas

> >

> 

> __

> 

> L. Sassaman

> 

> System Administrator                |

> Technology Consultant               |   [This space for rent]

> icq.. 10735603                      |

> pgp.. finger://ns.quickie.net/rabbi |

> 

> -----BEGIN PGP SIGNATURE-----

> Comment: For info see http://www.gnupg.org

> 

> iD8DBQE5Bfz3PYrxsgmsCmoRAhbJAKCQxSKkB2A5aoQZ1Ys6jzvfvRfw9ACgwLEh

> rPLASUr1NJbCzucdvaJzA5Y=

> =aYTy

> -----END PGP SIGNATURE-----


-- 
-----------------------------------------------------------------------------------------------
Pierre-Henri SENESI formateur technologie Institut Universitaire de
Formation des Maitres Nice 
     Technology trainer   University Institute for Teacher Training    
Nice    France
43, Av. Stephen Liegeard       F 06100   NICE       France   tél/fax 
(33)/(0) 492.07.74.89
-----------------------------------------------------------------------------------------------