Question about mangling of passphrases
Sat Mar 16 01:03:01 2002

Hello GnuPG Users!

I wonder if it is safe to use GnuPG for symmetric encryption with 256 Bit
The problem I see is as follows: 

    When someone uses symmetric only encryption GnuPG prompts for a
    This passphrase is then hashed with an algorithm like RIPE-MD160 (whis
is the default)
    into a 160 Bit hash value.
    This 160 Bit hash value (or part of it) is then used as a key for a
symmetric cypher
    like BLOWFISH (whis has a key length of 128 Bit, so I assume the least
    128 Bits of the hash value are being used).
    But what happens if someone uses a cypher with a key length of more than
160 Bit
    (e.g. 256 Bit) ?
    The hash value is too small to be used as the key for those cyphers.
    So how does GnuPG mangle the passphrase to yield a key with e.g. 256 Bit

Does anyone have an answer to that ?

GMX - Die Kommunikationsplattform im Internet.