Default hash
Aaron Toponce
aaron.toponce at gmail.com
Sat Feb 26 00:05:56 CET 2011
On 02/25/2011 03:22 PM, Ben McGinnes wrote:
> You shouldn't need to worry about changing the preferred order. GPG
> will determine the most compatible combination of ciphers and hashes
> based on the keys used to encrypt messages. For example, my preferred
> symmetric cipher is AES-256, but on a certain mailing list I'm on
> encrypted messages sent there use Triple-DES because of the
> preferences/limitations of other recipients' keys. That's all the
> settings I listed were, an order of preference and not forcing one
> particular algorithm to the exclusion of all else.
Yeah. I'm not one that tends to break from default much, so if GnuPG has
a good sane default set of cipher, signing and compression preferences,
then who am I to argue? However, I did generate an RSA subkey, so I
could get those SHA2 signing algos, and I want to use them.
So, with that said, here's what I came up with for my own personal
preference:
Cipher: TWOFISH, CAMELLIA256, AES256, CAMELLIA192, AES192, CAMELLIA128,
AES, BLOWFISH, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
Compression: BZIP2, ZLIB, ZIP, Uncompressed
I chose Twofish as my first 256-bit cipher, as I support Bruce Schneier
and it's shown to be a very robust and capable cipher, both in terms of
speed and memory usage. I then put Camellia over AES due to the low
power consumption. I don't trust 3DES, and I don't know much about CAST5
other than what Wikipedia has.
Also, my understanding on how the preferences are chosen by GnuPG is the
following:
1. User wishes to encrypt mail to me, so my cipher preferences in my
public key are pulled.
2. My first preference, Twofish, is used, only if the sender supports
the Twofish algorithm.
3. If not, the next cipher in my preference list, Camellia256, is then
chosen, so long as the sender also supports Camellia256.
4. Proceed inductively, until a matching cipher that can be agreed on
between the two parties is chosen.
5. Message is encrypted using the agreed algorithm.
6. The same is used for signatures and compression.
Is this accurate? Thoughts on the order of my prefs?
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 591 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110225/e53b51a7/attachment.pgp>
More information about the Gnupg-users
mailing list