Question regarding s2k algorithms
dshaw at jabberwocky.com
Mon Nov 17 05:24:13 CET 2008
On Nov 16, 2008, at 9:47 PM, Kevin Hilton wrote:
> Ok so let me ask things in a different way
> Is the s2k-cipher-algo used in any other methods other than for
> protection of the keyring? Seems odd to me that CAST5 is the default
> -- however I'm sure this is specified according to one of the RFCs.
The RFC says nothing about it. CAST5 was chosen to maximize
compatibility with older versions of PGP, but not be as slow as 3DES.
If you specify --openpgp, it becomes 3DES.

It is used whenever a key needs to be encrypted/decrypted with a
passphrase. The huge majority of the time that is protecting secret
keys. The other spot where this is needed is a little obscure:
creating a message with both passphrase *and* public key encryption.
That is, some recipients use their secret keys to decrypt, and some
recipients use a passphrase. In this case, the s2k-cipher-algo is
used to encrypt the session key to the passphrase recipients (and like
all symmetric encryption, it's up to you to make sure those recipients
can decrypt it).
> There is no current security implication for using the SHA1 hash for
> password hashing when using symmetric encryption? I'm only asking
> this in regards to selecting hash algorithms, because there seems to
> be a little hedging on the tried and true statement "Use the defaults"
> when it comes to the selection of hash algorithms. The intention of
> the last statement is not to rehash the old discussion of which hash
> algorithm to use -- really it is not!!
Don't like SHA1? That's fine, and we give you the ability to change
it to something else, but then you become responsible for not shooting
yourself in the foot. :)

Use the defaults. Really. If we felt that overall there was a better
algorithm to use than the current default, we'd make that algorithm
into the new default.