More questions about: "gpg: WARNING: message was not integrity protected"

John W. Moore III johnmoore3rd at joimail.com
Mon Apr 10 01:57:00 CEST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> David Shaw wrote:
>> That's sort of an apples and oranges question.  CAST5 is a 128-bit
>> cipher.  AES256 is a 256-bit cipher.  Is CAST5 weaker than AES256?
>> Yes, but that's that not to say that CAST5 is broken somehow: AES256
>> is just twice as large.
> 
> Forgive me for being pedantic, but I'd like to make a small
> clarification here for the benefit of people who don't understand what
> key sizes mean.
> 
> The key is twice as large.  That doesn't mean there are twice as many
> keys.  It has considerably more than that.
> 
> AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> times as many possible keys as CAST5.  The difference between the two is
> almost incomprehensible.
> 
> Again, apologies for the pedantry.  :)

I don't consider it 'pedantic'; however, I'm sure David meant to state
that AES256 is 'exponentially' larger.  I am also glad that David
pointed out the limiting factor of specifying a particular algorithm for
encryption in the gpg.conf File.

This may work fine for communication between 2 individuals but can/will
create problems when attempting to communicate with someone whose
Preferences will not support that algorithm.  Best example: PGP 8.1
*cannot* verify any signature hashed above SHA256.

JOHN ;)
Timestamp: Sunday 09 Apr 2006, 19:56  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-4099svn: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage:  http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJEOZ9CAAoJEBCGy9eAtCsPaAgH/j/2+OhYsmVEazmcUQqBI4mS
Usmi+aZTTr8UAvmuwnEYxa0VW3Qx+WHK3JpuzQQeSPOi3EdS4kHNNVBM6CZJY69C
BuiU0f8ordUN7nOi1/jFVmCnPPEtlP124l5mWxvmIxd13a3lDP+TEqu3ZNyywKwq
fzSvV2uuHDq4PpVDLsk+Vd2KjM+03qZVv/Qu673CWqgWowkFwzsrEXbJ7ChXGXe3
TEj/Y8WEBp0me3UQHD/FVOxBsCq4oz5UVwHnddMnOFNIv/JfbuCEEUZSrr/N1j9a
qPwrPl1Qi/dRfjaVYj+Uj0IsbhWkfmYKVba362qosamY3KbXXs5V2lrMifapkDI=
=06jr
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list