On 02/25/2011 03:22 PM, Ben McGinnes wrote:
> You shouldn't need to worry about changing the preferred order. GPG
> will determine the most compatible combination of ciphers and hashes
> based on the keys used to encrypt messages. For example, my preferred
> symmetric cipher is AES-256, but on a certain mailing list I'm on
> encrypted messages sent there use Triple-DES because of the
> preferences/limitations of other recipients' keys. That's all the
> settings I listed were, an order of preference and not forcing one
> particular algorithm to the exclusion of all else.

Yeah. I'm not one that tends to break from default much, so if GnuPG has a good sane default set of cipher, signing and compression preferences, then who am I to argue? However, I did generate an RSA subkey, so I could get those SHA2 signing algos, and I want to use them. So, with that said, here's what I came up with for my own personal preference:

Cipher: TWOFISH, CAMELLIA256, AES256, CAMELLIA192, AES192, CAMELLIA128, AES, BLOWFISH, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
Compression: BZIP2, ZLIB, ZIP, Uncompressed

I chose Twofish as my first 256-bit cipher, as I support Bruce Schneier and it's shown to be a very robust and capable cipher, both in terms of speed and memory usage. I then put Camellia over AES due to the low power consumption. I don't trust 3DES, and I don't know much about CAST5 other than what Wikipedia has.

Also, my understanding on how the preferences are chosen by GnuPG is the following:

1. User wishes to encrypt mail to me, so my cipher preferences in my public key are pulled.
2. My first preference, Twofish, is used, only if the sender supports the Twofish algorithm.
3. If not, the next cipher in my preference list, Camellia256, is then chosen, so long as the sender also supports Camellia256.
4. Proceed inductively, until a matching cipher that can be agreed on between the two parties is chosen.
5. Message is encrypted using the agreed algorithm.
6. The same is used for signatures and compression.

Is this accurate? Thoughts on the order of my prefs?

--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
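
Added example, not part of the original message and not GnuPG code: a simplified Python model of the preference walk described in the message above, extended to several recipients so that the Triple-DES fallback mentioned in the quoted reply appears. The function names, the second recipients' keys and the multi-recipient ranking rule are assumptions; the only fact taken from the OpenPGP specification (RFC 4880) is that 3DES is tacitly at the end of every cipher preference list.

```python
# Added illustration: simplified model of preference-based cipher selection.
# Not GnuPG source; the ranking across several recipients is an assumption.

MANDATORY = "3DES"  # RFC 4880: tacitly last in every cipher preference list

# Cipher preference list quoted in the message above.
AARON = ["TWOFISH", "CAMELLIA256", "AES256", "CAMELLIA192", "AES192",
         "CAMELLIA128", "AES", "BLOWFISH", "CAST5", "3DES"]

# Constructed sample data: what a sender's build supports, and two
# hypothetical older recipient keys.
SENDER_ALL = set(AARON)
SENDER_NO_TWOFISH = SENDER_ALL - {"TWOFISH"}
OLD_KEY = ["CAST5", "3DES"]
LEGACY_KEY = ["IDEA"]  # shares nothing with AARON except the implicit 3DES


def effective_prefs(prefs):
    """Return a key's list with the mandatory cipher appended if absent."""
    prefs = list(prefs)
    if MANDATORY not in prefs:
        prefs.append(MANDATORY)
    return prefs


def choose_cipher(recipient_prefs, sender_supported):
    """Pick a cipher that every recipient lists and the sender implements.

    recipient_prefs: one preference list per recipient key.
    sender_supported: ciphers the sender's implementation offers.
    Ranking (assumption): lowest summed position across all recipients,
    ties broken by the first recipient's order.
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    supported = set(sender_supported) | {MANDATORY}
    common = [c for c in lists[0]
              if c in supported and all(c in other for other in lists[1:])]
    # MANDATORY is in every list and always supported, so common is non-empty.
    return min(common, key=lambda c: sum(l.index(c) for l in lists))


if __name__ == "__main__":
    print(choose_cipher([AARON], SENDER_ALL))
    print(choose_cipher([AARON], SENDER_NO_TWOFISH))
    print(choose_cipher([AARON, OLD_KEY], SENDER_ALL))
    print(choose_cipher([AARON, LEGACY_KEY], SENDER_ALL))
```

With a single recipient the model reduces to steps 1 to 5 of the message; with the constructed legacy key added, the only common algorithm left is the implicit 3DES.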