More questions about: "gpg: WARNING: message was not integrity protected"

David Shaw dshaw at jabberwocky.com
Mon Apr 10 02:12:33 CEST 2006


On Sun, Apr 09, 2006 at 06:44:18PM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> > That's sort of an apples and oranges question.  CAST5 is a 128-bit
> > cipher.  AES256 is a 256-bit cipher.  Is CAST5 weaker than AES256?
> > Yes, but that's that not to say that CAST5 is broken somehow: AES256
> > is just twice as large.
> 
> Forgive me for being pedantic, but I'd like to make a small
> clarification here for the benefit of people who don't understand what
> key sizes mean.
> 
> The key is twice as large.  That doesn't mean there are twice as many
> keys.  It has considerably more than that.
> 
> AES256 has about 100,000,000,000,000,000,000,000,000,000,000,000,000
> times as many possible keys as CAST5.  The difference between the two is
> almost incomprehensible.

Indeed.  However, again, that doesn't mean CAST5 is broken.  Just
smaller than AES256.

AES256 is vastly stronger than most people need in practice.  Heck,
CAST5 is vastly stronger than most people need in practice.  Even so,
AES256 is more or less the default for new keys in both PGP and
GnuPG.

David



More information about the Gnupg-users mailing list