getting rid of blowfishes (was Re: Windoze PGP Compatability)

[L. Sassaman]

And how should I do that? Unsubscribe yourself.

On Wed, 26 Apr 2000, Pierre-Henri SENESI wrote:

> I am no more interrsetd in this list
> I cannot unsubscribe by the normal ways
> please unsubcribe me
> 
> 
> 
> L. Sassaman a écrit:
> > 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > On Tue, 25 Apr 2000, Andreas Schamanek wrote:
> > 
> > > How can I move from the default BLOWFISH to some other cipher? Since my
> > > key is encrypted with BLOWFISH I can't just disable it, can I?
> > >
> > > I thought the trick is to remove the password, export the keys and
> > > import them again with BLOWFISH disabled. But when I try to reprotect my
> > > secret key GnuPG says
> > >
> > >   gpg: protect_secret_key failed: unknown cipher algorithm
> > >
> > > Probably, I misunderstood some basics. Any clarification appreciated.
> > 
> > I *think*, that if you delete your self sigs, set --s2k-cipher-algo to be
> > a differenyt cipher, --disable-cipher-algo BLOWFISH, re-self-sign the
> > keys, export with no password, import, assign a password, you should be
> > fine.
> > 
> > While you are at it, --disable-pubkey-algo ELG-S is another good
> > precaution.
> > 
> > > Last question: If we should avoid BLOWFISH what cipher should we use?
> > > I know that this question cannot be dealt with in detail here. But maybe
> > > somebody can write a short note about her or his preferences (without
> > > being flamed by others ;) from an average user's point of view.
> > 
> > 3DES is slow, but it is the most extensively reviewed, and it required to
> > be in all OpenPGP products. IDEA and CAST5 are pretty well respected, are
> > "SHOULDs" in the OpenPGP spec, and are faster than 3DES. IDEA has patent
> > issues, and not all GnuPG users will have it enabled. So I would nix
> > that. CAST5 is a good choice; fairly fast, fairly well respected (more so
> > than Blowfish, not as trusted as 3DES).
> > 
> > Twofish is the fastest of all of these, and also the newest. PGP 6.x and
> > before does not support it.
> > 
> > All versions of PGP greater than 1 support IDEA.
> > 
> > PGP 5.x and up, as well as GnuPG, support CAST5 and 3DES.
> > 
> > Take your pick...
> > 
> > > The alternatives so far are: 3DES, CAST5 and TWOFISH.
> > >
> > >
> > > Regards,
> > >
> > > -- Andreas
> > >
> > 
> > __
> > 
> > L. Sassaman
> > 
> > System Administrator                |
> > Technology Consultant               |   [This space for rent]
> > icq.. 10735603                      |
> > pgp.. finger://ns.quickie.net/rabbi |
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Comment: For info see http://www.gnupg.org
> > 
> > iD8DBQE5Bfz3PYrxsgmsCmoRAhbJAKCQxSKkB2A5aoQZ1Ys6jzvfvRfw9ACgwLEh
> > rPLASUr1NJbCzucdvaJzA5Y=
> > =aYTy
> > -----END PGP SIGNATURE-----
> 
> -- 
> -----------------------------------------------------------------------------------------------
> Pierre-Henri SENESI formateur technologie Institut Universitaire de
> Formation des Maitres Nice 
>      Technology trainer   University Institute for Teacher Training    
> Nice    France
> 43, Av. Stephen Liegeard       F 06100   NICE       France   tél/fax 
> (33)/(0) 492.07.74.89
> -----------------------------------------------------------------------------------------------
> 

__

L. Sassaman

System Administrator                |  
Technology Consultant               |   [This space for rent]
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |