Mailing List Archive

getting rid of blowfishes (was Re: Windoze PGP Compatability)
On Mon, 24 Apr 2000, L. Sassaman wrote:

> > On Mon, 24 Apr 2000, L. Sassaman wrote:
> >
> > > Also, disabling blowfish altogether is probably a good idea.
>
> Because it isn't as well reviewed as 3DES, well respected as CAST5 or
> IDEA, or as fast as Twofish. It's not supported by PGP for these reasons,
> and using it will cause potential problems if you intend to be able to use
> a GnuPG generated keypair with PGP.


Actually, I like blowfishes (I mean the fish) but I understand that
there are better alternatives when dealing with encryption.

How can I move from the default BLOWFISH to some other cipher? Since my
key is encrypted with BLOWFISH I can't just disable it, can I?

I thought the trick is to remove the password, export the keys and
import them again with BLOWFISH disabled. But when I try to reprotect my
secret key GnuPG says

gpg: protect_secret_key failed: unknown cipher algorithm

Probably, I misunderstood some basics. Any clarification appreciated.

Last question: If we should avoid BLOWFISH what cipher should we use?
I know that this question cannot be dealt with in detail here. But maybe
somebody can write a short note about her or his preferences (without
being flamed by others ;) from an average user's point of view.

The alternatives so far are: 3DES, CAST5 and TWOFISH.


Regards,

-- Andreas
Re: getting rid of blowfishes (was Re: Windoze PGP Compatability)
I am no more interested in this list
I cannot unsubscribe by the normal ways
please unsubscribe me



L. Sassaman wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 25 Apr 2000, Andreas Schamanek wrote:
>
> > How can I move from the default BLOWFISH to some other cipher? Since my
> > key is encrypted with BLOWFISH I can't just disable it, can I?
> >
> > I thought the trick is to remove the password, export the keys and
> > import them again with BLOWFISH disabled. But when I try to reprotect my
> > secret key GnuPG says
> >
> > gpg: protect_secret_key failed: unknown cipher algorithm
> >
> > Probably, I misunderstood some basics. Any clarification appreciated.
>
> I *think*, that if you delete your self sigs, set --s2k-cipher-algo to be
> a different cipher, --disable-cipher-algo BLOWFISH, re-self-sign the
> keys, export with no password, import, assign a password, you should be
> fine.
>
> While you are at it, --disable-pubkey-algo ELG-S is another good
> precaution.
>
> > Last question: If we should avoid BLOWFISH what cipher should we use?
> > I know that this question cannot be dealt with in detail here. But maybe
> > somebody can write a short note about her or his preferences (without
> > being flamed by others ;) from an average user's point of view.
>
> 3DES is slow, but it is the most extensively reviewed, and it is required to
> be in all OpenPGP products. IDEA and CAST5 are pretty well respected, are
> "SHOULDs" in the OpenPGP spec, and are faster than 3DES. IDEA has patent
> issues, and not all GnuPG users will have it enabled. So I would nix
> that. CAST5 is a good choice; fairly fast, fairly well respected (more so
> than Blowfish, not as trusted as 3DES).
>
> Twofish is the fastest of all of these, and also the newest. PGP 6.x and
> before does not support it.
>
> All versions of PGP greater than 1 support IDEA.
>
> PGP 5.x and up, as well as GnuPG, support CAST5 and 3DES.
>
> Take your pick...
>
> > The alternatives so far are: 3DES, CAST5 and TWOFISH.
> >
> >
> > Regards,
> >
> > -- Andreas
> >
>
> __
>
> L. Sassaman
>
> System Administrator |
> Technology Consultant | [This space for rent]
> icq.. 10735603 |
> pgp.. finger://ns.quickie.net/rabbi |
>
> -----BEGIN PGP SIGNATURE-----
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE5Bfz3PYrxsgmsCmoRAhbJAKCQxSKkB2A5aoQZ1Ys6jzvfvRfw9ACgwLEh
> rPLASUr1NJbCzucdvaJzA5Y=
> =aYTy
> -----END PGP SIGNATURE-----

--
-----------------------------------------------------------------------------------------------
Pierre-Henri SENESI formateur technologie Institut Universitaire de
Formation des Maitres Nice
Technology trainer University Institute for Teacher Training
Nice France
43, Av. Stephen Liegeard F 06100 NICE France tél/fax
(33)/(0) 492.07.74.89
-----------------------------------------------------------------------------------------------
Re: getting rid of blowfishes (was Re: Windoze PGP Compatability)
I am no more interested in this list
I cannot unsubscribe by the normal ways
please unsubscribe me



Andreas Schamanek wrote:
>
> On Mon, 24 Apr 2000, L. Sassaman wrote:
>
> > > On Mon, 24 Apr 2000, L. Sassaman wrote:
> > >
> > > > Also, disabling blowfish altogether is probably a good idea.
> >
> > Because it isn't as well reviewed as 3DES, well respected as CAST5 or
> > IDEA, or as fast as Twofish. It's not supported by PGP for these reasons,
> > and using it will cause potential problems if you intend to be able to use
> > a GnuPG generated keypair with PGP.
>
> Actually, I like blowfishes (I mean the fish) but I understand that
> there are better alternatives when dealing with encryption.
>
> How can I move from the default BLOWFISH to some other cipher? Since my
> key is encrypted with BLOWFISH I can't just disable it, can I?
>
> I thought the trick is to remove the password, export the keys and
> import them again with BLOWFISH disabled. But when I try to reprotect my
> secret key GnuPG says
>
> gpg: protect_secret_key failed: unknown cipher algorithm
>
> Probably, I misunderstood some basics. Any clarification appreciated.
>
> Last question: If we should avoid BLOWFISH what cipher should we use?
> I know that this question cannot be dealt with in detail here. But maybe
> somebody can write a short note about her or his preferences (without
> being flamed by others ;) from an average user's point of view.
>
> The alternatives so far are: 3DES, CAST5 and TWOFISH.
>
> Regards,
>
> -- Andreas

--
-----------------------------------------------------------------------------------------------
Pierre-Henri SENESI formateur technologie Institut Universitaire de
Formation des Maitres Nice
Technology trainer University Institute for Teacher Training
Nice France
43, Av. Stephen Liegeard F 06100 NICE France tél/fax
(33)/(0) 492.07.74.89
-----------------------------------------------------------------------------------------------
Re: getting rid of blowfishes (was Re: Windoze PGP Compatability)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 25 Apr 2000, L. Sassaman wrote:

> While you are at it, --disable-pubkey-algo ELG-S is another good
> precaution.

why? and how? i did as you specified it and lost rsa, gaining nothing.
maybe i should look into the source, but right at this time i haven't any.

- --
ino-waiting@gmx.net

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOQc2G9RoW4hIlMSDEQKSqgCgzBoe4w6D7CM2IWik3SsNaQR5Tr0AniDt
LhsAiPYXEDd+I048ZTuie9iH
=0mGb
-----END PGP SIGNATURE-----
Re: getting rid of blowfishes
On Wed, 26 Apr 2000, Pierre-Henri.Senesi@taloa.unice.fr wrote:

> I am no more interested in this list
> I cannot unsubscribe by the normal ways
> please unsubscribe me

does someone have this poor soul on a list by accident? and might remove
his address off of it? maybe a local gnupg-users copied in a hurry...

--
ino-waiting@gmx.net
Re: getting rid of blowfishes (was Re: Windoze PGP Compatability)
On Wed, 26 Apr 2000, L. Sassaman wrote:

> You lost RSA? how odd. That should disable ElGamal signing keys, which are
> too insecure to be trusted.

these are my options:

default-key 4894C483
force-v3-sigs
compress-algo 1
cipher-algo cast5
digest-algo sha1
s2k-cipher-algo cast5
disable-cipher-algo blowfish
# vvvvv
disable-pubkey-algo ELG-S
escape-from-lines
armor
verbose
comment "gpg 1.0.1"
lock-once
completes-needed 2
marginals-needed 3
max-cert-depth 4
no-comment
no-version
load-extension idea
load-extension rsa

...and this is the output of "gpg --version":

gpg (GnuPG) 1.0.1
Copyright (C) 1999 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Cipher: IDEA, 3DES, CAST5, TWOFISH
Pubkey: ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160

--
ino-waiting@gmx.net
Re: getting rid of blowfishes (was Re: Windoze PGP Compatability)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 26 Apr 2000, L. Sassaman wrote:

> That should not have disabled RSA... seems like a very obscure bug. But I
> was wrong, it looks like ElGamal signing is ELG, not ELG-S?

thatsitthatsitthatsit! how could i've been so ignorant!

disable-pubkey-algo ELG

makes gpg --version output:

gpg (GnuPG) 1.0.1
Copyright (C) 1999 Free Software Foundation, Inc.
Home: ~/.gnupg
Supported algorithms:
Cipher: IDEA, 3DES, CAST5, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Hash: MD5, SHA1, RIPEMD160

- --
ino-waiting@gmx.net

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOQfATNRoW4hIlMSDEQJmWQCfXcfeqVyrY5jOCfY+jr5mffTUNOkAn1/W
GK2FIaXoaYJ9MiZU6SGEDzgH
=nKPR
-----END PGP SIGNATURE-----
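
An added example (not code from the thread or from GnuPG): a Python check that compares an options file against the "Supported algorithms" block of `gpg --version`, run on the two configurations posted above, so that a disable option that removes something else shows up as a finding. The rule that an extension named X provides algorithms named X or X-* is an assumption drawn from the thread's own output.

```python
import re

# Inputs copied from the thread: the relevant option lines and the two
# "Supported algorithms" blocks printed by gpg 1.0.1 --version.
OPTIONS = """\
cipher-algo cast5
digest-algo sha1
s2k-cipher-algo cast5
disable-cipher-algo blowfish
disable-pubkey-algo {name}
load-extension idea
load-extension rsa
"""
VERSION_WITH_ELG_S = """\
Cipher: IDEA, 3DES, CAST5, TWOFISH
Pubkey: ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160
"""
VERSION_WITH_ELG = """\
Cipher: IDEA, 3DES, CAST5, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Hash: MD5, SHA1, RIPEMD160
"""

def parse_options(text):
    """Yield (keyword, argument) pairs, skipping blanks and # comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, arg = line.partition(" ")
            yield key.lower(), arg.strip().strip('"')

def parse_supported(version_output):
    """Map 'cipher'/'pubkey'/'hash' to the set of names gpg reports."""
    rows = re.findall(r"^[ \t]*(Cipher|Pubkey|Hash):[ \t]*(.+)$", version_output, re.M)
    return {kind.lower(): {n.strip().upper() for n in names.split(",")}
            for kind, names in rows}

def audit(options_text, version_output):
    """Return findings where the options and the effective algorithm set disagree."""
    sup = parse_supported(version_output)
    listed = set().union(*sup.values())
    want = {"cipher-algo": "cipher", "s2k-cipher-algo": "cipher", "digest-algo": "hash"}
    findings = []
    for key, arg in parse_options(options_text):
        name = arg.upper()
        if key in want and name not in sup.get(want[key], set()):
            findings.append(f"{key} {arg}: not in supported {want[key]} list")
        elif key in ("disable-cipher-algo", "disable-pubkey-algo"):
            if name in sup.get(key.split("-")[1], set()):
                findings.append(f"{key} {arg}: still listed as supported")
        elif key == "load-extension" and not any(n.startswith(name) for n in listed):
            # Assumption: an extension named X provides algorithms named X or X-*.
            findings.append(f"load-extension {arg}: no {name} algorithm listed")
    return findings
```
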
Re: getting rid of blowfishes (was Re: Windoze PGP Compatability)
L. Sassaman wrote:

> That should disable ElGamal signing keys, which are
> too insecure to be trusted.

I thought GnuPG now avoided all the known problems with ElGamal
signing. Is this not the case?

----------------------------------------------------------------------
phone +44 (0) 20 8542 7856, fax +44 (0) 20 8543 0176, post:
Skygate Technology Ltd, 8 Lombard Road, Wimbledon, London, SW19 3TZ
Re: getting rid of blowfishes
On Thu, 27 Apr 2000, Pete Chown wrote:

> I thought GnuPG now avoided all the known problems with ElGamal
> signing. Is this not the case?

ElGamal S+E keys are fully OpenPGP compatible and GnuPG avoids the
problems. I don't suggest to use them, however some folks feel like
it is a good idea to have a fallback algorithm.

Blowfish is a well respected algorithm and has been used by the first
PGP 5 version. It is faster than CAST-5 and OpenPGP compatible.
Twofish is not yet OpenPGP and not in wide use mainly because NAI
refused to accept most OpenPGP WG suggestions because they don't want
to implement it in their product.

GnuPG is not PGP nor an NAI product but an OpenPGP implementation; so
there is no reason to head for PGP x.x compatibility. NAI is selling a
proprietary product - GnuPG is free software. The GNU project is
doing software to create a free operating system and not to compete
with proprietary products. If NAI wants to be compatible to GnuPG,
they should fix PGP: I guess they have far more developers than we.


Werner


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: getting rid of blowfishes
On Sun, Apr 30, 2000 at 02:25:20PM +0200, Werner Koch wrote:

> ElGamal S+E keys are fully OpenPGP compatible and GnuPG avoids the
> problems. I don't suggest to use them, however some folks feel like
> it is a good idea to have a fallback algorithm.

so what _are_ the well known probs with elgamal s+e which gnupg avoids?

> Blowfish is a well respected algorithm and has been used by the first
> PGP 5 version. It is faster than CAST-5 and OpenPGP compatible.
> Twofish is not yet OpenPGP and not in wide use mainly because NAI
> refused to accept most OpenPGP WG suggestions because they don't want
> to implement it in their product.

i guess it was rabbi who said blowfish isn't all that well reviewed. you
see, the problem with my less than profound background in math is that i
have to trust the reviewers. could someone please be nice enough to give a
comparison of the symmetric/asymmetric ciphers implemented in gnupg?

> with proprietary products. If NAI wants to be compatible to GnuPG,
> they should fix PGP: I guess they have far more developers than we.

-*- YES! -*-

--
ino-waiting@gmx.net
RE: getting rid of blowfishes
> -----Original Message-----
> From: L. Sassaman [mailto:rabbi@quickie.net]
> Sent: 01 May 2000 00:43
> To: s.simpson@mia.co.uk
> Cc: gnupg-users@gnupg.org
> Subject: Re: getting rid of blowfishes
>
>
> On Sun, 30 Apr 2000, Werner Koch wrote:
>
> > On Thu, 27 Apr 2000, Pete Chown wrote:
> >
> > > I thought GnuPG now avoided all the known problems with ElGamal
> > > signing. Is this not the case?
> >
> > ElGamal S+E keys are fully OpenPGP compatible and GnuPG avoids the
> > problems. I don't suggest to use them, however some folks feel like
> > it is a good idea to have a fallback algorithm.
>
> I didn't mean to sound like I was saying it wasn't OpenPGP compatible. I
> just don't think it is advisable to use them, as you say.
>
> Having a fall back algorithm is a good idea... I just worry that people
> see it and decide to use it, not knowing any of the issues involved.

Fortunately the GnuPG crowd appear to be more technically competent
(probably because it runs on Linux and users are already technically aware I
guess) so there is less of an issue with GnuPG users creating non-compatible
keys inappropriately.

> > Blowfish is a well respected algorithm and has been used by the first
> > PGP 5 version. It is faster than CAST-5 and OpenPGP compatible.
> > Twofish is not yet OpenPGP and not in wide use mainly because NAI
> > refused to accept most OpenPGP WG suggestions because they don't want
> > to implement it in their product.
>
> Well, let's not be so harsh with the suppositions here. I think you will
> be pleasantly surprised with 7.0.

Don't tell me that finally, 3 or 4 months before AES is finally selected,
PGP will start implementing Twofish which most likely will not be selected
as the final algorithm?

I personally disagreed with the implementation of Twofish anyway (block
cipher strength is certainly not the weakest part of OpenPGP...), but I
think it's *extremely* poor timing to introduce it this late in the day
prior to the selection of AES.

You will then no doubt have the newbies asking "which is best, Twofish or
AES?" where the answer should be damn obvious.

To quote Schneier (Oct '99) "Twofish is really too new to be used." - and
you guys are fielding it in a production system? ;)


> > GnuPG is not PGP nor an NAI product but an OpenPGP implementation; so
> > there is no reason to head for PGP x.x compatibility. NAI is selling a
> > proprietary product - GnuPG is free software. The GNU project is
> > doing software to create a free operating system and not to compete
> > with proprietary products. If NAI wants to be compatible to GnuPG,
> > they should fix PGP: I guess they have far more developers than we.
>
> I have to disagree slightly with this. I think it is important for both
> the PGP developers and the GnuPG developers to strive for compatibility
> with each other's product. Fragmenting the OpenPGP community
> is not a good thing, for anyone involved.


Agree 100%!

> - --Len.
>
> __
>
> L. Sassaman
>
> System Administrator |
> Technology Consultant | "To hold a pen is to be at war."
> icq.. 10735603 |
> pgp.. finger://ns.quickie.net/rabbi | --Voltaire


Regards,

Sam Simpson
IT Operations Manager
MIA Ltd
Re: getting rid of blowfishes
I can't agree with you more! There's too much work convincing people to
encrypt as it is. We can't expect the everyday users to learn all
about different OpenPGP implementations, and how to use them with each
other. That's why I think that all the defaults in gpg must be something
that both OpenPGP and NAI PGP like and support!

On Sun, 30 Apr 2000, L. Sassaman wrote:

>I have to disagree slightly with this. I think it is important for both
>the PGP developers and the GnuPG developers to strive for compatibility
>with each other's product. Fragmenting the OpenPGP community is not a good
>thing, for anyone involved.
>
>L. Sassaman

/johan
_________________________________________________
Johan Lundberg Råggatan 2, 2TR
http://www.physto.se/~p99jlu/ 118 59 Stockholm
mail:p99jlu@physto.se +46 (0)8-64 223 48
B847 687B 8971 0AAC 1C29 DBA1 AB5F 664F D3A0 A0E5
RE: getting rid of blowfishes
> -----Original Message-----
> From: L. Sassaman [mailto:rabbi@quickie.net]
> Sent: 02 May 2000 20:58
> To: s.simpson@mia.co.uk
> Cc: gnupg-users@gnupg.org
> Subject: RE: getting rid of blowfishes
>
> On Tue, 2 May 2000, Simpson, Sam wrote:
>
> > Fortunately the GnuPG crowd appear to be more technically competent
> > (probably because it runs on Linux and users are already technically aware I
> > guess) so there is less of an issue with GnuPG users creating non-compatible
> > keys inappropriately.
>
> Yeah, but then there are all those RedHat users. <ducks>

<g>.

> > Don't tell me that finally, 3 or 4 months before AES is finally selected,
> > PGP will start implementing Twofish which most likely will not be selected
> > as the final algorithm?
>
> I said nothing to that extent. But, just for the sake of argument (note
> that none of this should be interpreted as anything more than theory),
> the working group has already assigned 256 bit Twofish its own packet ID,
> so that it could be implemented in addition to AES.

Yes, I noted that.

> > I personally disagreed with the implementation of Twofish anyway (block
> > cipher strength is certainly not the weakest part of OpenPGP...), but I
> > think it's *extremely* poor timing to introduce it this late in the day
> > prior to the selection of AES.
>
> Again, this has nothing to do with AES.

ok, well why do OpenPGP members think it's a good idea to implement (or
include as an algorithm identifier...) Twofish? I had quite a debate on the
mailing list and nobody had a good explanation why it has been included
above other (seemingly more secure...) algorithms.

> > You will then no doubt have the newbies asking "which is best, Twofish or
> > AES?" where the answer should be damn obvious.
>
> Agreed.
>
> > To quote Schneier (Oct '99) "Twofish is really too new to be used." - and
> > you guys are fielding it in a production system? ;)
>
> I never said that. However, you're glossing over the fact
> that GnuPG uses it...

I'm certainly not. I've expressed my opinions on GnuPG implementing the
algorithm too (for example: S.Simpson, "[PGP]: PGP / AES / Twofish (Long)",
PGP-Users mailing list, 8th Mar 1999).


Regards,

Sam Simpson
IT Operations Manager
MIA Ltd