default cipher question

David Shaw
Mon Jul 22 21:52:01 2002

On Mon, Jul 22, 2002 at 07:20:53PM +0000, Brian M. Carlson wrote:
> On Fri, Jul 19, 2002 at 10:27:21PM -0000, wrote:
> > Hi, I noticed the GnuPG 1.0.7 docs say:
> > 
> >       * The default cipher algorithm for encryption is now CAST5,
> >       default hash algorithm is SHA-1.  This will give us better
> >       interoperability with other OpenPGP implementations.
> > 
> > My question is, since RFC2440 requires that every OpenPGP
> > implementation support 3DES, how does using CAST5 as the default
> > improve interoperability?  If 3DES was the default, wouldn't
> > GnuPG interoperate with all other conformant implementations?
> It doesn't improve interoperability. 3DES should be the default. If SHA1
> should be the default hash algorithm, 3DES should be the default cipher
> algorithm, shouldn't it?

It is.  The above note refers to the s2k cipher and conventional
(i.e. --symmetric) encryption.  The default for public key encryption
is 3DES.

> I'm creating a public
> domain implementation (secret's out!) but I'm not sure what preferences
> it'll have yet. That's a long way away.

Cool.  I'm looking forward to more OpenPGP implementations.  There is
also an OpenSSL-based one under development.

> It is quite realistic to create a minimalistic OpenPGP implementation.
> In fact the RFC etc. makes reference to it several times, IIRC.

Yes.  The smallest possible legal OpenPGP implementation would support
3DES and SHA1 only.  In practice, you pretty much need ZIP as well to
read incoming messages since PGP does not follow the compression
settings and always generates ZIP.  It is also good for security to
compress if you can when generating messages.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
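
Why 3DES is always a safe choice for public key encryption, as an added example (not part of the original message and not GnuPG's code): under RFC 2440 each key can carry a list of preferred ciphers, and 3DES is treated as tacitly present at the end of any list that omits it, so the recipients' lists always share at least 3DES. The function names, the ranking rule and the sample preference lists are assumptions constructed for illustration.

```python
# OpenPGP symmetric cipher IDs (the subset used in this example).
TRIPLE_DES, CAST5, BLOWFISH, AES128, AES256 = 2, 3, 4, 7, 9


def effective_prefs(prefs):
    """Return a key's cipher preferences with 3DES tacitly appended.

    RFC 2440 makes 3DES the must-implement cipher, so a list that omits it
    (including an empty list) is treated as ending in 3DES.
    """
    prefs = list(prefs)
    return prefs if TRIPLE_DES in prefs else prefs + [TRIPLE_DES]


def choose_cipher(recipient_prefs, sender_supports):
    """Pick one cipher that every recipient of a message can decrypt.

    recipient_prefs: one preference list per recipient key, most preferred first.
    sender_supports: cipher IDs the sending implementation can encrypt with.
    The ranking (best worst-case position, then lowest ID) is an assumption of
    this example; the requirement is only that the result is in every list.
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    if not lists:
        raise ValueError("public key encryption needs at least one recipient")
    # Every conformant sender implements 3DES, so it is always a candidate.
    common = set(sender_supports) | {TRIPLE_DES}
    for prefs in lists:
        common &= set(prefs)
    # common is never empty: 3DES is in every effective list.
    return min(common, key=lambda c: (max(p.index(c) for p in lists), c))


# Constructed preference lists for three hypothetical recipient keys.
ALICE = [AES256, CAST5, TRIPLE_DES]
BOB = [CAST5, BLOWFISH]          # omits 3DES, which is still implied
MINIMAL = []                     # 3DES-only implementation, no preferences
ALL = [TRIPLE_DES, CAST5, BLOWFISH, AES128, AES256]

if __name__ == "__main__":
    print(choose_cipher([ALICE, BOB], ALL))      # CAST5 is common to both
    print(choose_cipher([ALICE, MINIMAL], ALL))  # only 3DES is common
```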