A few newbie Qs

frank ernest doark at mail.com
Sat Apr 26 20:41:08 CEST 2014


Hello,

These first two may be kinda a preferences thing, but
I'm no expert in the field and I could not read the
math even if I wanted to, so try to be easy on me.

Which algorithm is most secure/is there more non-college-math
info on the web somewhere (no wikipedia please)?
IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256


What are the "?" mark values? "Pubkey: RSA, ELG, DSA, ?, ?"
And similar to the above question, what is the hardest to
break (I understand that there is no chance of a brute force
attack, see the question below for a better idea of the attack
I'm concerned about)(no wikipedia please)?
How sensitive is an email to assumption based deciphering?


For instance: Normal people start their emails with "Hello",
"To whom it may concern", "Dear so-and-so" and people generally end
their emails with "Thanks", "Sincerely, name", "Yours truly, name".
Now, "name" and "so-and-so" can easily be determined by the public key
of the person to whom you are sending data and your name can also
be determined based on which email address you sent the message from
so that gives crackers and the feds respectively:

Hello                    5
To whom it may concern  23
Dear + name,            10+
Thanks                   6
Sincerely, + name       16+
Yours truly, + name     20+

chars of preknown text (not to mention that most messages in English
contain a large amount of "e"s) to work with.
So, how hard is it, knowing some of the message, to discover the whole
thing and/or the private key of the user?

Is it polite to post saying that you want to sign keys with somebody on
a random mailing list? I can't decide, for though it is a recommended
practice in the "keysigning howto" guide, I've never seen anybody do it and
it is off topic on most lists. This is, of course, ignoring the fact that
a "web of trust" can't be built unless people try to reach out to one another
and sign their respective keys. The main reason I'm asking is because
I live out in a rural area and am unlikely to meet anybody who knows more
about a computer than that you can't juice it, pick it, or mate it....

Is there a way to tell gpg2 to encrypt the body of a message with something
other than AES? (I've read that it uses AES for the body and I've read that
AES is a fast, but not very good method of encryption.)

If my key expires, is using the same passphrase on another key a safe/ok
thing to do?

Is there a limit, practical or imposed, on the length of a passphrase?
I'm thinking of a 740 char passphrase that, though containing
sentences and, therefore, making sense, (though perhaps only to
some sick people like me,) and also containing repetitions of words
4+ chars long, is really easy for me to remember.
Do you think that it would be a good passphrase?

Is exporting a public key a great way to announce that you can't
wait to be spammed? (Your email is included in the output, as is your name.)

If multiple people sign a cert and return it to me, how do I merge all the
signatures back into my key on my computer?



