On Sep 23, 2008, at 11:03 PM, Faramir wrote:

> Well, I wrote what I intend to use as default preferences, but before
> modifying anything I wanted to ask opinions...
>
> For encryption: AES256 AES192 TWOFISH AES CAST5 3DES (didn't include
> Blowfish because I was told it is not supported by PGP, and also its
> author says people should move to Twofish). I am not sure if Twofish
> uses 256 bits keys, or shorter (according to wikipedia, it can use
> different lengths of keys).

It doesn't matter whether PGP supports Blowfish or not (this actually depends on the PGP version - there are varying levels of support). What matters for preferences is what *you* like. If you like Blowfish, put it in there. It doesn't matter if a million or zero other programs support it. Your preferences are purely what you like, and whether anyone else supports it is irrelevant. The protocol takes care of not using any cipher that you won't be able to decrypt.

Twofish in OpenPGP is a 256-bit cipher.

> For hashing: SHA256 SHA512 SHA1 RIPEMD160 (I prefer not to use SHA1
> since it is not as safe as it was supposed to be, and since my key
> doesn't expire, the idea is not having to alter it in short or medium
> time. SHA512 seems a bit oversized... but I suppose the sender will
> decide what to use. I am not sure whether to add the other SHA hashing
> algos since something with a length that is not 2^n looks a bit unusual
> to me...).

SHA-384 is actually SHA-512 with 128 bits lopped off. SHA-224 is actually SHA-256 with 32 bits lopped off. Same algorithms, slightly different setup.

> And for compression: ZLIB BZIP2 ZIP Uncompressed

> What is better, to use S1 S2 S2 codes, or the names? I figure using the
> codes would save a bit of space, and since I don't have to keep those
> codes in my memory, it is not a problem for me to enter them that way.

Use the names. You're not wasting any space on the key, since the names are always converted to a single byte each when written onto a key. Plus, the names are just easier.

Now to the big question: is there any reason to change the default preferences at all? No, not really. The defaults were carefully chosen to be good conservative algorithms. Why change that? For what it's worth, I can say that unlike most poking about and changing values in OpenPGP, you can't really hurt yourself changing the preferences. The very worst thing you can do to yourself is end up using 3DES for your cipher, and that's just fine (some people even select it on purpose). 3DES is very secure, but very slow.

David
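Two points in the reply above are easy to see in code: preference names end up on the key as one byte per algorithm (so names versus S/H/Z codes makes no difference to key size), and the sender, not the recipient, picks the cipher from the intersection of everyone's lists, with 3DES always implicitly present as the fallback. The following is an added example written for this page, not code from the thread or from GnuPG; the algorithm ID tables are the RFC 4880 values, while the selection walk order (first recipient's list, in order) is a simplified policy assumed for illustration and not GnuPG's exact ranking.

```python
# Added example (not from the mailing-list thread or from GnuPG): how
# preference names become one-byte algorithm IDs on the key (RFC 4880
# section 9), and how a sender picks an algorithm every recipient can use.
from typing import Dict, Iterable, List, Sequence, Set

# RFC 4880 algorithm IDs. setpref stores these single bytes whether you
# typed the names or the S/H/Z codes, so neither form saves space.
SYMMETRIC_IDS: Dict[str, int] = {
    "3DES": 2, "CAST5": 3, "BLOWFISH": 4, "AES": 7,
    "AES192": 8, "AES256": 9, "TWOFISH": 10,
}
HASH_IDS: Dict[str, int] = {
    "SHA1": 2, "RIPEMD160": 3, "SHA256": 8, "SHA384": 9,
    "SHA512": 10, "SHA224": 11,
}
COMPRESSION_IDS: Dict[str, int] = {
    "Uncompressed": 0, "ZIP": 1, "ZLIB": 2, "BZIP2": 3,
}


def encode_prefs(names: Iterable[str], table: Dict[str, int]) -> bytes:
    """Turn a preference list as typed into the byte string stored in the
    self-signature subpacket: one byte per algorithm, order preserved."""
    return bytes(table[name] for name in names)


def decode_prefs(raw: bytes, table: Dict[str, int]) -> List[str]:
    """Inverse of encode_prefs. Unknown IDs are kept visible as
    'unknown(N)' rather than silently dropped, so an algorithm this
    implementation lacks still shows up when the key is inspected."""
    by_id = {v: k for k, v in table.items()}
    return [by_id.get(b, f"unknown({b})") for b in raw]


def choose_algorithm(recipient_prefs: Sequence[Sequence[str]],
                     implicit: str, supported: Set[str]) -> str:
    """Pick an algorithm that every recipient lists and that the sender
    implements. RFC 4880 makes 3DES (and Uncompressed) an implicit member
    of every preference list, which is why a sender can never be forced
    into a cipher a recipient cannot decrypt. Walking the first
    recipient's list in order is the simplified policy assumed here."""
    lists = [list(prefs) + [implicit] for prefs in recipient_prefs]
    for candidate in lists[0]:
        if candidate in supported and all(candidate in lst for lst in lists):
            return candidate
    # Only reachable if the sender does not implement the implicit
    # algorithm, which a conforming implementation must.
    raise ValueError("no algorithm common to all recipients")


def choose_cipher(recipient_prefs: Sequence[Sequence[str]]) -> str:
    """Cipher selection with 3DES as the mandatory fallback."""
    return choose_algorithm(recipient_prefs, "3DES", set(SYMMETRIC_IDS))


def choose_compression(recipient_prefs: Sequence[Sequence[str]]) -> str:
    """Compression selection with Uncompressed as the fallback."""
    return choose_algorithm(recipient_prefs, "Uncompressed",
                            set(COMPRESSION_IDS))


if __name__ == "__main__":
    # Constructed sample: the preference list proposed in the thread.
    mine = ["AES256", "AES192", "TWOFISH", "AES", "CAST5", "3DES"]
    print(encode_prefs(mine, SYMMETRIC_IDS).hex())       # 09080a070302
    print(decode_prefs(bytes([9, 8, 10, 7, 3, 2]), SYMMETRIC_IDS))
    # A second recipient (constructed) who only lists Twofish and CAST5.
    print(choose_cipher([mine, ["TWOFISH", "CAST5"]]))   # TWOFISH
    # Recipients with nothing explicit in common fall back to 3DES.
    print(choose_cipher([["AES256"], ["CAST5"]]))        # 3DES
```

Running it shows why changing the preferences cannot lock anyone out: the worst outcome of a badly chosen list is that the intersection collapses to the implicit 3DES entry, which is exactly the "very worst thing" described above.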

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users