default cipher question

Brian M. Carlson karlsson@hal-pc.org
Mon Jul 22 21:20:01 2002


--jousvV0MzM2p6OtC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 19, 2002 at 10:27:21PM -0000, phr-2002@nightsong.com wrote:
> Hi, I noticed the GnuPG 1.0.7 docs say:
>=20
>       * The default cipher algorithm for encryption is now CAST5,
>       default hash algorithm is SHA-1.  This will give us better
>       interoperability with other OpenPGP implementations.
>=20
> My question is, since RFC2440 requires that every OpenPGP
> implementation support 3DES, how does using CAST5 as the default
> improve interoperability?  If 3DES was the default, wouldn't
> GnuPG interoperate with all other conformant implementations?

It doesn't improve interoperability. 3DES should be the default. If SHA1
should be the default hash algorithm, 3DES should be the default cipher
algorithm, shouldn't it?
=20
> Can you tell me what other implementations are actually being used
> much, and what are their default ciphers?  Is it not realistic to code
> an OpenPGP implementation that only supports 3DES?

AFAIK, PGP 2.x uses IDEA (which we don't use because it is non-free).
PGP 5.x and 6.x support 3DES, CAST5, and IDEA. CAST5 is the default. PGP
7.x has TWOFISH, 3DES, CAST5, IDEA, and in some versions AES*
(RIJNDAEL*). I'm not sure what that default is. GnuPG's defaults are
plastered on the public key when you create it, or you can recreate them
by typing "setpref" (with no argument) and then "updpref". They've
changed from version to version. I'm creating a public
domain implementation (secret's out!) but I'm not sure what preferences
it'll have yet. That's a long way away.

It is quite realistic to create a minimalistic OpenPGP implementation.
In fact the RFC etc. makes reference to it several times, IIRC.

> I'm asking this because I'm planning to submit a block cipher module
> to the Python library and was planning to support only AES and DES/3DES.
> However, if there are a lot of OpenPGP users using CAST5, maybe that
> has to be supported too, since it would be nice to have a Python
> implementation of OpenPGP.

It's fine to only support those two algorithms. If you do not have
preferences on your key, it is assumed you can only support the OpenPGP
defaults: {"cipher": [3des], "hash": [sha1], "compress": [zip, none]}

> >From this point of view, making CAST5 the default instead of 3DES
> hurts compatibility rather than helping it.

I agree. But I don't do the programming here, so you'll have to talk to
the people that do.

--=20
Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553=
E7
All true wisdom is found on T-shirts.

--jousvV0MzM2p6OtC
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.90 (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQFKBAEBAwA0BQI9PFsULRpodHRwOi8vZGVjb3kud294Lm9yZy9+Ym1jL29wZW5w
Z3AvcG9saWN5LnRleAAKCRDlkf/JVgVT58m6CACYgotimFZBOQBlIqZo4f0gwmHG
uZdcOhMqHPtrqzcKX5+qj1amGR7G3ekn9ZooXTBuXKZgrQ5B/OyVTCam2RmZvRtr
tFk9/rx8i8YX0bI7lRe/7IbR+HQQFqlbfVjFDar6jgsLaoIRmHpfjk1yL+VkKCLr
5ykax4u4TvLGz969vLgMczaXcAU+ON2lQlS/pYi8vK+XlGb1WPPgSrNEiGeAvuZp
rRCje7pWvx5wrOQfOsHdJM6/0QHafXUC4MiMztTtrk2shc3OHbKfo5mFMlJAlqRy
a5TOvJv9818DqWXjaCdPB81PhSDF/TuoWpYQD8XZx1uB6QIelnhTbmgsHxhD
=c63T
-----END PGP SIGNATURE-----
Signature policy: http://decoy.wox.org/~bmc/openpgp/policy.tex

--jousvV0MzM2p6OtC--