More questions about: "gpg: WARNING: message was not integrity protected"

David Shaw dshaw at jabberwocky.com
Mon Apr 10 02:11:04 CEST 2006


On Sun, Apr 09, 2006 at 07:57:00PM -0400, John W. Moore III wrote:
> Robert J. Hansen wrote:
> > David Shaw wrote:
> >> That's sort of an apples and oranges question.  CAST5 is a 128-bit
> >> cipher.  AES256 is a 256-bit cipher.  Is CAST5 weaker than AES256?
> >> Yes, but that's that not to say that CAST5 is broken somehow: AES256
> >> is just twice as large.
> > 
> > Forgive me for being pedantic, but I'd like to make a small
> > clarification here for the benefit of people who don't understand what
> > key sizes mean.
> > 
> > The key is twice as large.  That doesn't mean there are twice as many
> > keys.  It has considerably more than that.
> > 
> > AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> > times as many possible keys as CAST5.  The difference between the two is
> > almost incomprehensible.
> > 
> > Again, apologies for the pedantry.  :)
> 
> I don't consider it 'pedantic'; however, I'm sure David meant to state
> that AES256 is 'exponentially' larger.  I am also glad that David
> pointed out the limiting factor of specifying a particular algorithm for
> encryption in the gpg.conf File.
> 
> This may work fine for communication between 2 individuals but can/will
> create problems when attempting to communicate with someone whose
> Preferences will not support that algorithm.  Best example: PGP 8.1
> *cannot* verify any signature hashed above SHA256.

Exactly.  Which is a great example why people should not set
particular ciphers, and just let the automatic system do its job.  The
main point of the automatic system is to prevent mismatches like this.

David



More information about the Gnupg-users mailing list