On 9-Apr-06, at 7:28 PM, David Shaw wrote:
> MDC can be forced on via --force-mdc.  As Werner said, the preference

Excellent. So, the follow-up question is, should one use this option for files symmetrically encrypted for long-term storage (like if burned to a CD)?

> system will automatically handle this for public key encryption.  For
> symmetric encryption (which has no preference system), you can use
> --force-mdc if you want a MDC.

Can you briefly explain this "preference system"? As in, does this mean a given public key may/will have a preference for some algo stored in it and when my copy of GPG attempts to encrypt to that public key, it uses that symmetric cipher (when possible)?

> In an effort to increase the use of MDC, it was noted that all
> implementations that could handle AES could also handle MDC.  Thus,
> using any AES (or TWOFISH) turns the MDC flag on for you.

Ah, great! So there are at least two benefits of using AES over CAST5 then (larger keyspace and MDC turned on).

> It is, but this is not a complete answer.  Neither of you should have
> a cipher-algo set in your gpg.conf file.  If you do, you're fighting
> against all the automatic parts of the system.  Let GPG do what it is

Fair enough. I had set it because I was archiving some things for long-term storage and discovered it was defaulting to CAST5 and thought, why not use the largest keyspace I can?

But your point is taken, because I understand now that I was also forcing asymmetric encryption to use AES256 as the session cipher, which might cause problems.

Then again, if I send emails that I might not want people to decrypt 5 or 10 years from now, would I want session ciphers to be defaulting to AES256 instead of CAST5? Why is this the default?

--
Trevor Smith
[EMAIL PROTECTED]
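
For anyone auditing archived files in light of this thread, the following is an added example (not part of the original message and not GnuPG code) that reads the OpenPGP packet headers of a binary, non-armored message and reports the symmetric cipher named in the passphrase packet and whether the data packet is the MDC-protected kind (tag 18) or the legacy kind (tag 9). The packet framing follows RFC 4880; the function names and the sample byte strings are constructed for illustration.

```python
# Added example: report cipher and MDC status of a binary OpenPGP message.
CIPHERS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH"}

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not definite."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (binary input expected)")
    if first & 0x40:                       # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None          # partial body length (streamed)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None          # indeterminate length
    n = (1, 2, 4)[ltype]
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def inspect(buf):
    """Walk the leading packets; return {'cipher': name or None, 'mdc': bool}."""
    pos, cipher = 0, None
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if tag == 3 and buf[start] == 4:   # passphrase packet: version, cipher id, S2K
            cipher = CIPHERS.get(buf[start + 1], f"id {buf[start + 1]}")
        elif tag == 18:                    # encrypted data with integrity check (MDC)
            return {"cipher": cipher, "mdc": True}
        elif tag == 9:                     # legacy encrypted data, no MDC
            return {"cipher": cipher, "mdc": False}
        if length is None:
            raise ValueError("streamed packet before the data packet")
        pos = start + length
    raise ValueError("no encrypted data packet found")

# Constructed samples (not real ciphertext): S2K type 3, SHA-1, zero salt, count byte.
_S2K = bytes([0x03, 0x02]) + bytes(8) + bytes([0x60])
LEGACY_CAST5 = bytes([0x8C, 0x0D, 0x04, 0x03]) + _S2K + bytes([0xC9, 0x05]) + bytes(5)
AES256_MDC = bytes([0x8C, 0x0D, 0x04, 0x09]) + _S2K + bytes([0xD2, 0xE0, 0x01]) + bytes(32)
```

For a public-key encrypted message the cipher is inside the encrypted session key, so `cipher` comes back as `None` and only the MDC status is reported.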


