More questions about: "gpg: WARNING: message was not integrity protected"

David Shaw dshaw at
Mon Apr 10 02:12:33 CEST 2006

On Sun, Apr 09, 2006 at 06:44:18PM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> > That's sort of an apples and oranges question.  CAST5 is a 128-bit
> > cipher.  AES256 is a 256-bit cipher.  Is CAST5 weaker than AES256?
> > Yes, but that's that not to say that CAST5 is broken somehow: AES256
> > is just twice as large.
> Forgive me for being pedantic, but I'd like to make a small
> clarification here for the benefit of people who don't understand what
> key sizes mean.
> The key is twice as large.  That doesn't mean there are twice as many
> keys.  It has considerably more than that.
> AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> times as many possible keys as CAST5.  The difference between the two is
> almost incomprehensible.

Indeed.  However, again, that doesn't mean CAST5 is broken.  Just
smaller than AES256.

AES256 is vastly stronger than most people need in practice.  Heck,
CAST5 is vastly stronger than most people need in practice.  Even so,
AES256 is more or less the default for new keys in both PGP and


More information about the Gnupg-users mailing list