Selecting cipher to generate a key pair

Robert J. Hansen rjh at
Fri May 1 06:13:49 CEST 2009

Allen Schultz wrote:
> What's the default to encrypting/hashing the secret key? And how good is it?


It's hard to talk about how good it is.  Cryptography is an intensively
mathematical discipline, and most people are not very well-equipped to
discuss those details.

Ultimately, it would be like arguing whether King Kong or Godzilla is
better at urban destruction.  Biologists can argue until the cows come
home which one would be better and why, but from the perspective of your
average inhabitant of Tokyo or New York City the answer is, "Who cares?
 Get out of town _right now_!"

>From the perspective of the overwhelming majority of OpenPGP users,
CAST5-128 does the job just fine.  The only instances I'm aware of in
which CAST5-128 doesn't do the job well are ones where bureaucratic
rules require specific algorithms, and CAST5-128 isn't on that
checklist.  That's a bureaucratic failing, though, not a failing of

More information about the Gnupg-users mailing list