More questions about: "gpg: WARNING: message was not integrity
John W. Moore III
johnmoore3rd at joimail.com
Mon Apr 10 01:57:00 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Robert J. Hansen wrote:
> David Shaw wrote:
>> That's sort of an apples and oranges question. CAST5 is a 128-bit
>> cipher. AES256 is a 256-bit cipher. Is CAST5 weaker than AES256?
>> Yes, but that's that not to say that CAST5 is broken somehow: AES256
>> is just twice as large.
> Forgive me for being pedantic, but I'd like to make a small
> clarification here for the benefit of people who don't understand what
> key sizes mean.
> The key is twice as large. That doesn't mean there are twice as many
> keys. It has considerably more than that.
> AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> times as many possible keys as CAST5. The difference between the two is
> almost incomprehensible.
> Again, apologies for the pedantry. :)
I don't consider it 'pedantic'; however, I'm sure David meant to state
that AES256 is 'exponentially' larger. I am also glad that David
pointed out the limiting factor of specifying a particular algorithm for
encryption in the gpg.conf File.
This may work fine for communication between 2 individuals but can/will
create problems when attempting to communicate with someone whose
Preferences will not support that algorithm. Best example: PGP 8.1
*cannot* verify any signature hashed above SHA256.
Timestamp: Sunday 09 Apr 2006, 19:56 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-4099svn: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust (US26): http://www.gswot.org
Comment: Homepage: http://tinyurl.com/9ubue
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users