Question regarding s2k algorithms

Kevin Hilton kevhilton at
Mon Nov 17 03:47:44 CET 2008

Ok so let me ask things in a different way

Is the s2k-cipher-algo used in any other methods other than for
protection of the keyring?  Seems odd to me that CAST5 is the default
-- however I'm sure this is specified according the one of the RFCs.

There is no current security implication for using the SHA1 hash for
password hashing when using symmetric encryption?  I'm only asking
this in regards to selecting hash algorithms, because there seems to
be a little hedging on the tried and true statement "Use the defaults"
when it comes to the selection of hash algorithms.  The intention of
the last statement is not to rehash the old discussion of which hash
algorithm to use -- really it is not!!

More information about the Gnupg-users mailing list