Per Tunedal Casual
pt at radvis.nu
Mon Oct 25 20:44:41 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
At 23:20 2004-10-24, Per Tunedal Casual wrote:
>What are the security implications? It cannot be meaningful to choose a
>cipher that produces a longer key than the password can generate. If SHA-1
>is the limit, then you've got 160 bits. Thus a cipher with 256 bits would
>be overkill. If the password is used directly the calculation must be based
>on the strength of the password used by the individual, I suppose.
I thought once more about this :-)
It's hard enough to put up a passphrase that matches an 128 bit-key. The
hash, if any, doesn't matter, because it can hardly decrease the strength
of the passphrase,.
Thus any cipher with a key longer than 128-bits is overkill when you
encrypt symmetrically. Right?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
-----END PGP SIGNATURE-----
More information about the Gnupg-users