Symmetric encryption
Per Tunedal Casual
pt at radvis.nu
Sun Oct 24 23:20:16 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
how is symmetric encryption performed in GnuPG? When encrypting the secret
key and when encrypting a file?
I suppose a session key is created with the chosen length (depending on the
chosen cipher). And the session key is encrypted with the passphrase.
How is the passphrase used? Is it hashed with e.g. SHA-1 to derive a key?
Or is the passphrase used directly?
What are the security implications? It cannot be meaningful to choose a
cipher that produces a longer key than the password can generate. If SHA-1
is the limit, then you've got 160 bits. Thus a cipher with 256 bits would
be overkill. If the password is used directly the calculation must be based
on the strength of the password used by the individual, I suppose.
Vänligen
Per Tunedal
Civ. ing. Civ. ek.
S:t Mickelsgatan 148
129 44 Hägersten
Telefon: 08-646 34 83
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBfBzVaDDfzFT+2PIRArjaAJ9IJEhqN6eNrAlwqNlaO9XiVFJAYACeMfj+
0LdeahFU0nTZFxpQdtGc6Fg=
=qNzk
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list