getting rid of blowfishes (was Re: Windoze PGP Compatability)
Pierre-Henri SENESI
Pierre-Henri.Senesi@taloa.unice.fr
Wed, 26 Apr 2000 14:06:37 +0200
I am no more interrsetd in this list
I cannot unsubscribe by the normal ways
please unsubcribe me
L. Sassaman a écrit:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 25 Apr 2000, Andreas Schamanek wrote:
>
> > How can I move from the default BLOWFISH to some other cipher? Since my
> > key is encrypted with BLOWFISH I can't just disable it, can I?
> >
> > I thought the trick is to remove the password, export the keys and
> > import them again with BLOWFISH disabled. But when I try to reprotect my
> > secret key GnuPG says
> >
> > gpg: protect_secret_key failed: unknown cipher algorithm
> >
> > Probably, I misunderstood some basics. Any clarification appreciated.
>
> I *think*, that if you delete your self sigs, set --s2k-cipher-algo to be
> a differenyt cipher, --disable-cipher-algo BLOWFISH, re-self-sign the
> keys, export with no password, import, assign a password, you should be
> fine.
>
> While you are at it, --disable-pubkey-algo ELG-S is another good
> precaution.
>
> > Last question: If we should avoid BLOWFISH what cipher should we use?
> > I know that this question cannot be dealt with in detail here. But maybe
> > somebody can write a short note about her or his preferences (without
> > being flamed by others ;) from an average user's point of view.
>
> 3DES is slow, but it is the most extensively reviewed, and it required to
> be in all OpenPGP products. IDEA and CAST5 are pretty well respected, are
> "SHOULDs" in the OpenPGP spec, and are faster than 3DES. IDEA has patent
> issues, and not all GnuPG users will have it enabled. So I would nix
> that. CAST5 is a good choice; fairly fast, fairly well respected (more so
> than Blowfish, not as trusted as 3DES).
>
> Twofish is the fastest of all of these, and also the newest. PGP 6.x and
> before does not support it.
>
> All versions of PGP greater than 1 support IDEA.
>
> PGP 5.x and up, as well as GnuPG, support CAST5 and 3DES.
>
> Take your pick...
>
> > The alternatives so far are: 3DES, CAST5 and TWOFISH.
> >
> >
> > Regards,
> >
> > -- Andreas
> >
>
> __
>
> L. Sassaman
>
> System Administrator |
> Technology Consultant | [This space for rent]
> icq.. 10735603 |
> pgp.. finger://ns.quickie.net/rabbi |
>
> -----BEGIN PGP SIGNATURE-----
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE5Bfz3PYrxsgmsCmoRAhbJAKCQxSKkB2A5aoQZ1Ys6jzvfvRfw9ACgwLEh
> rPLASUr1NJbCzucdvaJzA5Y=
> =aYTy
> -----END PGP SIGNATURE-----
--
-----------------------------------------------------------------------------------------------
Pierre-Henri SENESI formateur technologie Institut Universitaire de
Formation des Maitres Nice
Technology trainer University Institute for Teacher Training
Nice France
43, Av. Stephen Liegeard F 06100 NICE France tél/fax
(33)/(0) 492.07.74.89
-----------------------------------------------------------------------------------------------