getting rid of blowfishes (was Re: Windoze PGP Compatability)
L. Sassaman
rabbi@quickie.net
Wed, 26 Apr 2000 12:28:29 -0700 (PDT)
And how should I do that? Unsubscribe yourself.
On Wed, 26 Apr 2000, Pierre-Henri SENESI wrote:
> I am no more interrsetd in this list
> I cannot unsubscribe by the normal ways
> please unsubcribe me
>
>
>
> L. Sassaman a écrit:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Tue, 25 Apr 2000, Andreas Schamanek wrote:
> >
> > > How can I move from the default BLOWFISH to some other cipher? Since my
> > > key is encrypted with BLOWFISH I can't just disable it, can I?
> > >
> > > I thought the trick is to remove the password, export the keys and
> > > import them again with BLOWFISH disabled. But when I try to reprotect my
> > > secret key GnuPG says
> > >
> > > gpg: protect_secret_key failed: unknown cipher algorithm
> > >
> > > Probably, I misunderstood some basics. Any clarification appreciated.
> >
> > I *think*, that if you delete your self sigs, set --s2k-cipher-algo to be
> > a differenyt cipher, --disable-cipher-algo BLOWFISH, re-self-sign the
> > keys, export with no password, import, assign a password, you should be
> > fine.
> >
> > While you are at it, --disable-pubkey-algo ELG-S is another good
> > precaution.
> >
> > > Last question: If we should avoid BLOWFISH what cipher should we use?
> > > I know that this question cannot be dealt with in detail here. But maybe
> > > somebody can write a short note about her or his preferences (without
> > > being flamed by others ;) from an average user's point of view.
> >
> > 3DES is slow, but it is the most extensively reviewed, and it required to
> > be in all OpenPGP products. IDEA and CAST5 are pretty well respected, are
> > "SHOULDs" in the OpenPGP spec, and are faster than 3DES. IDEA has patent
> > issues, and not all GnuPG users will have it enabled. So I would nix
> > that. CAST5 is a good choice; fairly fast, fairly well respected (more so
> > than Blowfish, not as trusted as 3DES).
> >
> > Twofish is the fastest of all of these, and also the newest. PGP 6.x and
> > before does not support it.
> >
> > All versions of PGP greater than 1 support IDEA.
> >
> > PGP 5.x and up, as well as GnuPG, support CAST5 and 3DES.
> >
> > Take your pick...
> >
> > > The alternatives so far are: 3DES, CAST5 and TWOFISH.
> > >
> > >
> > > Regards,
> > >
> > > -- Andreas
> > >
> >
> > __
> >
> > L. Sassaman
> >
> > System Administrator |
> > Technology Consultant | [This space for rent]
> > icq.. 10735603 |
> > pgp.. finger://ns.quickie.net/rabbi |
> >
> > -----BEGIN PGP SIGNATURE-----
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE5Bfz3PYrxsgmsCmoRAhbJAKCQxSKkB2A5aoQZ1Ys6jzvfvRfw9ACgwLEh
> > rPLASUr1NJbCzucdvaJzA5Y=
> > =aYTy
> > -----END PGP SIGNATURE-----
>
> --
> -----------------------------------------------------------------------------------------------
> Pierre-Henri SENESI formateur technologie Institut Universitaire de
> Formation des Maitres Nice
> Technology trainer University Institute for Teacher Training
> Nice France
> 43, Av. Stephen Liegeard F 06100 NICE France tél/fax
> (33)/(0) 492.07.74.89
> -----------------------------------------------------------------------------------------------
>
__
L. Sassaman
System Administrator |
Technology Consultant | [This space for rent]
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi |