Mailing List Archive: About Symmetric Ciphers.

About Symmetric Ciphers.

visharam at mahindrabt

Apr 10, 2000, 6:16 AM

Post #1 of 6 (896 views)

Hello,
I am thinking to install gnupg tool in one of my software. Therefore, I
wish to know more about Key Lengths provided for various symmetric
ciphers in this package.
Regards.

Re: About Symmetric Ciphers. [ In reply to ]

Apr 11, 2000, 2:31 AM

Post #2 of 6 (895 views)

On Mon, 10 Apr 2000, Vishram Kunte wrote:

> I am thinking to install gnupg tool in one of my software. Therefore, I
> wish to know more about Key Lengths provided for various symmetric
> ciphers in this package.

3DES: 168 Bit (but btter think of 112 bit)
CAST5: 128
Blowfish: 128
Twofish: 128 or 256

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Düsseldorf http://www.openit.de

Re: About Symmetric Ciphers. [ In reply to ]

Apr 12, 2000, 2:09 AM

Post #3 of 6 (896 views)

On Tue, 11 Apr 2000, L. Sassaman wrote:

> What does GnuPG use? 256, right?

The OpenPGP WG agreed on 256 Bit. I don't like it but some folks
might think this is better for marketing. The probelm that I have
with it is that it requires more of those precious random bytes while
not giving any extra security - there are so much other parts which
actually limit the strength of the encryption (Rubber hose attacks,
Weak passphrase, 1024 DSA signatures to bind the key,...)

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Düsseldorf http://www.openit.de

Re: About Symmetric Ciphers. [ In reply to ]

johanw at vulcan

Apr 13, 2000, 10:27 AM

Post #4 of 6 (891 views)

Werner Koch wrote:

> The OpenPGP WG agreed on 256 Bit. I don't like it but some folks
> might think this is better for marketing. The probelm that I have
> with it is that it requires more of those precious random bytes while
> not giving any extra security - there are so much other parts which
> actually limit the strength of the encryption (Rubber hose attacks,
> Weak passphrase, 1024 DSA signatures to bind the key,...)

Except from the rubber hose attacks it might be usefull for symmetric
encryption only. I store some files encrypted but only encrypted with
a symmetric key. I don't see the need for the asymmetric cypher for
personal archival purposes.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Re: About Symmetric Ciphers. [ In reply to ]

Apr 14, 2000, 1:25 AM

Post #5 of 6 (893 views)

On Thu, 13 Apr 2000, Johan Wevers wrote:

> > The OpenPGP WG agreed on 256 Bit. I don't like it but some folks

> encryption only. I store some files encrypted but only encrypted with
> a symmetric key. I don't see the need for the asymmetric cypher for
> personal archival purposes.

Just curious how you achieve to create and remember a passphrase
yielding enough entropy for a 256 bit key, this seems impossible for
me without a hardware token.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de

Re: About Symmetric Ciphers. [ In reply to ]

johanw at vulcan

Apr 15, 2000, 3:21 AM

Post #6 of 6 (899 views)

Werner Koch wrote:

> Just curious how you achieve to create and remember a passphrase
> yielding enough entropy for a 256 bit key, this seems impossible for
> me without a hardware token.

Personally I don't, but to be honest I still use 128-bits IDEA for my
archives (I doubt scientology will be able to break that by brute-force
anyway). But if you use entire sentences for your passphrases, with
ElItE c00l spelling and so, wouldn't that suffice?

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html