Re: GnuPG Defaults
> For whatever it's worth, many people within the OpenPGP community would really like to see a lot of algorithms go away. (E.g., if it were up to me, only DSA, ElG, AES, 3DES, SHA1 and SHA256 would be supported.) Some people reduce their advertised capabilities in order to encourage moving to a smaller algorithm set.

Based on the lack of vulnerabilities of that limited set of algorithms (excluding SHA1 -- another topic entirely), it would seem to be prudent to refine the number of acceptable algorithms. When the SHA family is eventually supplanted and Camellia cipher officially recognized, I only see this list expanding, not shrinking!

--
Kevin Hilton
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG Defaults
Kevin Hilton kevhilton at gmail.com wrote on Wed Sep 17 07:41:16 CEST 2008:

> If I do not specify a personal-cipher-preference or cipher-algo within the gpg.conf file, 3DES will always be chosen as the cipher algorithm?

no

for ?? historical reasons of compatibility ?? with pgp 5+ the default cipher that will be used for encryption, and also for protection of the secret key, is CAST-5, not 3DES

you were quite correct in your earlier post, in your understanding that 3DES is only an 'implementation' default, meaning that in order to be open pgp compliant, it 'must' be included as a cipher, even if no other ciphers are

another thing that affects how gnupg chooses a cipher is the option of;

s2k-cipher-algo ciphername

(by default, if this option is not used, gnupg uses CAST-5 for symmetrical ciphers when no key is specified)

vedaal

any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link
Re: GnuPG Defaults
On Wed, 17 Sep 2008 16:16, [EMAIL PROTECTED] said:

> for ?? historical reasons of compatibility ?? with pgp 5+ the default cipher that will be used for encryption, and also for protection of the secret key, is CAST-5, not 3DES

Nope, 3DES is the only MUST cipher algorithm and thus used as the last resort if the preference system can't decide upon another algorithm. CAST5 is, like IDEA, only a SHOULD in OpenPGP as per rfc2440. The updated OpenPGP (rfc4880) changed the SHOULD algorithms to AES-128 and CAST5 but kept 3DES as the MUST algorithm.

Shalom-Salam,

Werner

--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org
Thoughts are free. Exceptions are regulated by a federal law.
Re: GnuPG Defaults
On Wed, Sep 17, 2008 at 12:41:16AM -0500, Kevin Hilton wrote:

>>> Would not this output seem to imply the key was generated with preference for the AES family over 3DES?

>> No. The preferences on a key are actually not very preferential. It's a capability list far more than it is a preference list. The fact AES comes before CAST5 matters very little. personal-cipher-preferences is what you're thinking of. This gets set in the gpg.conf file, not on your key.

> Thanks, I was definitely misguided. However just a quick followup. My gpg version contains far more capabilities (ie TWOFISH, BLOWFISH), than what was listed in the key. Why were these not included in the capability list?

For several reasons, firstly, it's pure crypto conservatism. Don't use n+1 algorithms where n could work.

The other reason is more practical - as can be seen by the never-ending discussion over IDEA, and the will version X work with version Y questions, there is some benefit to knowing that everyone can handle the same algorithms.

When the decision was made to only include a subset of algorithms in the default preference list, PGP didn't fully support preference lists, and this spawned a whole array of --pgp6, --pgp7, --pgp8 options to tell GPG who was on the other side. Nowadays, PGP fully supports preference lists, but we've stuck with the shorter cipher list. It's simpler, and simpler is usually better in the crypto world.

> If I do not specify a personal-cipher-preference or cipher-algo within the gpg.conf file, 3DES will always be chosen as the cipher algorithm?

No. If you don't specify, GPG will take the union of every cipher preference on every key you are encrypting to. It will pick the cipher from that list. If that list is empty, it will pick 3DES.

David
Re: GnuPG Defaults
On Wed, Sep 17, 2008 at 12:52:08AM -0500, Kevin Hilton wrote:

>> For whatever it's worth, many people within the OpenPGP community would really like to see a lot of algorithms go away. (E.g., if it were up to me, only DSA, ElG, AES, 3DES, SHA1 and SHA256 would be supported.) Some people reduce their advertised capabilities in order to encourage moving to a smaller algorithm set.

> Based on the lack of vulnerabilities of that limited set of algorithms (excluding SHA1 -- another topic entirely), it would seem to be prudent to refine the number of acceptable algorithms. When the SHA family is eventually supplanted and Camellia cipher officially recognized, I only see this list expanding, not shrinking!

This is up to you. You can list whatever algorithms you want to accept on your key. Your key, your rules. Someone else's key, someone else's rules. OpenPGP will automatically pick an algorithm that is acceptable to everyone.

David
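The selection rule discussed in this thread, as an added Python sketch that is not part of any poster's message and not GnuPG's code: a cipher is usable only if every recipient key lists it, 3DES counts as listed on every key (RFC 4880), and personal-cipher-preferences chooses only among the usable ciphers. The key preference lists are constructed samples, and the rank-sum tie-break is an assumption of this sketch.

```python
# Added illustration: simplified model of OpenPGP symmetric-cipher selection.
# Not GnuPG source code; the tie-break rule below is an assumption.

IMPLICIT = "3DES"  # the MUST algorithm, tacitly at the end of every key's list

# Constructed sample preference lists (as a key listing would show them).
ALICE = ["AES256", "AES192", "AES", "CAST5", "3DES"]
BOB = ["CAST5", "3DES"]
LEGACY = []  # a key that advertises no cipher preferences at all


def effective_prefs(key_prefs):
    """Return a key's cipher list with 3DES appended if it is not listed."""
    prefs = list(key_prefs)
    if IMPLICIT not in prefs:
        prefs.append(IMPLICIT)
    return prefs


def select_cipher(recipient_prefs, personal_prefs=()):
    """Pick a cipher that every recipient key accepts.

    recipient_prefs: one preference list per recipient key (may be empty).
    personal_prefs:  the sender's personal-cipher-preferences, if set.
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    if not lists:
        raise ValueError("at least one recipient key is required")

    # Only ciphers present on every key are candidates; 3DES always survives.
    common = set(lists[0]).intersection(*lists[1:])

    # The sender's ordering wins, but only among ciphers all keys accept.
    for algo in personal_prefs:
        if algo in common:
            return algo

    # Assumed tie-break: lowest total rank across the recipients' lists.
    return min(common, key=lambda a: (sum(l.index(a) for l in lists), a))


if __name__ == "__main__":
    print(select_cipher([ALICE]))                      # single recipient
    print(select_cipher([ALICE, BOB]))                 # two recipients
    print(select_cipher([ALICE, LEGACY]))              # falls back to 3DES
    print(select_cipher([ALICE, BOB], ["TWOFISH", "AES256", "3DES"]))
```

A personal preference for a cipher that some recipient does not list (TWOFISH or AES256 in the last call) is skipped rather than forced, which is why personal-cipher-preferences is safe to set where cipher-algo is not.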
GnuPG Defaults
David Shaw wrote:

> No. If you don't specify, GPG will take the union of every cipher preference on every key you are encrypting to. It will pick the cipher from that list. If that list is empty, it will pick 3DES.

Thanks -- I think I understand the cipher selection process as you describe it. Thanks everyone for the clarification.

--
Kevin Hilton
GnuPG Defaults
I'm sure it's probably contained in one of the RFCs, however when were DSA signing keys and ElGamal Encryption keys, along with the AES-256 cipher and SHA1 digest chosen as the defaults for key generation? Any particular reasons these were chosen as the defaults? (This is not an attempt to lure people into a discussion of which is better than that). I'm just curious why these were chosen as defaults.

--
Kevin Hilton
Re: GnuPG Defaults
On Tue, Sep 16, 2008 at 11:50 PM, Robert J. Hansen [EMAIL PROTECTED] wrote:

> Kevin Hilton wrote:
>> I'm sure it's probably contained in one of the RFCs, however when were DSA signing keys and ElGamal Encryption keys, along with the AES-256 cipher and SHA1 digest chosen as the defaults for key generation? Any particular reasons these were chosen as the defaults?

> DSA-1024 is a MUST in the RFC, and therefore is interoperable with every conforming OpenPGP implementation. Likewise with SHA-1. AES is a SHOULD, and is interoperable with the great majority of OpenPGP applications (PGP 7.1+).

> As DSA-2048 and DSA-3072 support becomes more commonplace (read: as people migrate away from older versions of PGP and GnuPG, a process that takes astonishingly long), you can expect to see the defaults change. I don't know too many people who are still enthusiastic about DSA-1024, although it's still considered infeasible to break it.

I'm slightly confused. I thought in terms of GnuPG - AES256 was the default cipher as of version 1.48. I thought 3DES was still the standard cipher according to the OpenPGP spec. I don't use PGP, however it would seem that you were implying 3DES is still the default cipher type in this product?

Any knowledge on why ElGamal was chosen over RSA as the default session key cipher?

--
Kevin Hilton
Re: GnuPG Defaults
On Sep 17, 2008, at 12:38 AM, Kevin Hilton wrote:

> I'm sure it's probably contained in one of the RFCs, however when were DSA signing keys and ElGamal Encryption keys, along with the AES-256 cipher and SHA1 digest chosen as the defaults for key generation? Any particular reasons these were chosen as the defaults? (This is not an attempt to lure people into a discussion of which is better than that). I'm just curious why these were chosen as defaults.

There were many reasons behind it, but a significant one was that DSA signing keys and Elgamal encryption keys were not patented. It is difficult to establish a new protocol if a major chunk of it is patented. SHA1 was the state of the art hash then, and an obvious choice.

AES256 is not the default cipher. 3DES is.

David
Re: GnuPG Defaults
On Sep 17, 2008, at 12:51 AM, Kevin Hilton wrote:

> On Tue, Sep 16, 2008 at 11:50 PM, Robert J. Hansen [EMAIL PROTECTED] wrote:
>> Kevin Hilton wrote:
>>> I'm sure it's probably contained in one of the RFCs, however when were DSA signing keys and ElGamal Encryption keys, along with the AES-256 cipher and SHA1 digest chosen as the defaults for key generation? Any particular reasons these were chosen as the defaults?

>> DSA-1024 is a MUST in the RFC, and therefore is interoperable with every conforming OpenPGP implementation. Likewise with SHA-1. AES is a SHOULD, and is interoperable with the great majority of OpenPGP applications (PGP 7.1+).

>> As DSA-2048 and DSA-3072 support becomes more commonplace (read: as people migrate away from older versions of PGP and GnuPG, a process that takes astonishingly long), you can expect to see the defaults change. I don't know too many people who are still enthusiastic about DSA-1024, although it's still considered infeasible to break it.

> I'm slightly confused. I thought in terms of GnuPG - AES256 was the default cipher as of version 1.48. I thought 3DES was still the standard cipher according to the OpenPGP spec. I don't use PGP, however it would seem that you were implying 3DES is still the default cipher type in this product?

3DES is the default cipher for every and all OpenPGP compliant program.

> Any knowledge on why ElGamal was chosen over RSA as the default session key cipher?

I'm not sure what you mean by session key cipher. Elgamal, like RSA, is a public key (aka asymmetric) algorithm. It was chosen largely because it was patent-free, and at the time, RSA was most certainly not.

David
Re: GnuPG Defaults
Kevin Hilton wrote:

> Any knowledge on why ElGamal was chosen over RSA as the default session key cipher?

U, Because RSA was patent-encumbered up until Sept 6, 2000?

--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.
hkp://keyserver.gingerbear.net or mailto:[EMAIL PROTECTED]
Q:Just how do the residents of Haiku, Hawai'i hold conversations?
A:An odd melody / island voices on the winds / surplus of vowels
Re: GnuPG Defaults
John Clizbe wrote in response to Kevin Hilton:

> Because RSA was patent-encumbered up until Sept 6, 2000?

When PGP 2.6 first came out, there was a big legal kerfuffle over intellectual property rights to the RSA and IDEA algorithms. When PGP 5 came out, PGP embraced different, non-encumbered algorithms (DSA and CAST5). Since OpenPGP grew directly out of PGP 5, OpenPGP gets a lot of historical baggage from PGP 5's decisions.

That's the nutshell explanation.
Re: GnuPG Defaults
Kevin Hilton wrote:

> Would not this output seem to imply the key was generated with preference for the AES family over 3DES?

No. The preferences on a key are actually not very preferential. It's a capability list far more than it is a preference list. The fact AES comes before CAST5 matters very little.

personal-cipher-preferences is what you're thinking of. This gets set in the gpg.conf file, not on your key.
Re: GnuPG Defaults
Kevin Hilton wrote:

> My gpg version contains far more capabilities (ie TWOFISH, BLOWFISH), than what was listed in the key. Why were these not included in the capability list?

That's a question for David and/or Werner to answer.

For whatever it's worth, many people within the OpenPGP community would really like to see a lot of algorithms go away. (E.g., if it were up to me, only DSA, ElG, AES, 3DES, SHA1 and SHA256 would be supported.) Some people reduce their advertised capabilities in order to encourage moving to a smaller algorithm set.

> If I do not specify a personal-cipher-preference or cipher-algo within the gpg.conf file, 3DES will always be chosen as the cipher algorithm?

Beats me. I haven't looked at the source in a while.
Re: GnuPG Defaults
Kevin Hilton wrote:

> I'm sure it's probably contained in one of the RFCs, however when were DSA signing keys and ElGamal Encryption keys, along with the AES-256 cipher and SHA1 digest chosen as the defaults for key generation? Any particular reasons these were chosen as the defaults?

DSA-1024 is a MUST in the RFC, and therefore is interoperable with every conforming OpenPGP implementation. Likewise with SHA-1. AES is a SHOULD, and is interoperable with the great majority of OpenPGP applications (PGP 7.1+).

As DSA-2048 and DSA-3072 support becomes more commonplace (read: as people migrate away from older versions of PGP and GnuPG, a process that takes astonishingly long), you can expect to see the defaults change. I don't know too many people who are still enthusiastic about DSA-1024, although it's still considered infeasible to break it.