A few newbie Qs

Robert J. Hansen rjh at sixdemonbag.org
Sun Apr 27 03:36:26 CEST 2014


> Which algorithm is most secure/is there more non-college-math info
> on the web somewhere (no wikipedia please)? IDEA, 3DES, CAST5,
> BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192,
> CAMELLIA256

It's kind of like asking whether King Kong or Godzilla is the best at
urban demolition.  There are no clear answers here, and all rankings
will be hotly contentious.  Just discussing the different facets of the
problem requires college-level math: one might be slightly superior in
its resistance to differential cryptanalysis, another in
impossible-differentials, and so on.

The good news: all the ciphers in GnuPG are believed strong even in the
face of well-funded and highly-skilled adversaries.

> How sensitive is an email to assumption based deciphering?

These are called "known-plaintext attacks."

All the ciphers in GnuPG are believed to provide strong protection
against known-plaintext attacks.

> So, how hard is it, knowing some of the message, to discover the 
> whole thing and/or the private key of the user?

Really, really hard.  Like, "it would make the earth uninhabitable."

http://www.gnupg.org/faq/gnupg-faq.html#brute_force

> Is it polite to post saying that you want to sign keys with somebody 
> on a random mailing list?

Depends a lot on the mailing list.  I wish I could give clearer advice
than that.

> Is there a way to tell gpg2 to encrypt the body of a message with 
> something other than AES? (I've read that it uses AES for the body 
> and I've read that AES is a fast, but not very good method of 
> encryption.)

Sure.  --personal-cipher-preferences will do this.  That said, you read
wrong: AES is considered one of the gold standards of strong
cryptography.  It's fast and believed highly resistant against
cryptanalysis.

> If my key expires, is using the same passphrase on another key a 
> safe/ok thing to do?

So long as you're confident your passphrase is still a secret, yes.

> Is there a limit, practical or imposed, on the length of a passphrase?
> I'm thinking of a 740 char passphrase that, though containing 
> sentences and, therefore, making sense (though perhaps only to some 
> sick people like me), and also containing repetitions of words 4+ 
> chars long, is really easy for me to remember. Do you think that it 
> would be a good passphrase?

No.

English has about 1.5 bits of entropy per glyph.  Past about 384 letters
you're not making things any harder to guess.  Long passphrases also
silently encourage users to do risky things like cut-and-paste them.
(It's very easy for malware to look at the contents of your clipboard
buffer.)

> Is exporting a public key a great way to announce that you can't
> wait to be spammed? (Your email is included in the output, as is
> your name.)

No.  That's a 1995-2000 model of how spammers work.  Email address
harvesting got replaced by Markov models about 15 years ago.

> If multiple people sign a cert and return it to me how do I merge
> all the signatures back into my key on my computer?

GnuPG will do it automatically.  Just import the certs.
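The passphrase-length exchange above (the 740-character passphrase with repeated words, and the reply's 1.5 bits per glyph figure) can be made concrete with a small estimator. This is an added example, not code from the original post and not GnuPG's own logic. It takes the 1.5 bits-per-glyph rate from the reply as an assumption, and adds one rule of its own: a word that repeats contributes nothing after its first occurrence, since an attacker who has recovered it once gets every later copy for free. The sample passphrase is constructed for the demo.

```python
"""Crude entropy estimate for long English passphrases (added example)."""
import re
from collections import Counter

# Per-glyph rate taken from the reply above; treated here as an assumption.
ENGLISH_BITS_PER_GLYPH = 1.5

# Constructed sample in the spirit of the question: sentences that make sense
# to their author, padded out by repeating a few 4+ letter words.
SAMPLE = ("the lighthouse keeper counted seven gulls before breakfast, "
          "seven gulls before breakfast, seven gulls before breakfast, "
          "and the lighthouse keeper counted them again at dusk")


def word_tokens(passphrase):
    """Lower-cased alphabetic words; punctuation and spacing add nothing here."""
    return re.findall(r"[a-z']+", passphrase.lower())


def naive_bits(passphrase, bits_per_glyph=ENGLISH_BITS_PER_GLYPH):
    """Letter count times the per-glyph rate, ignoring repetition."""
    return bits_per_glyph * sum(len(w) for w in word_tokens(passphrase))


def estimate_bits(passphrase, bits_per_glyph=ENGLISH_BITS_PER_GLYPH):
    """Only the first occurrence of each distinct word earns its letters'
    share of entropy; every repeat adds zero (assumed rule, see lead-in)."""
    seen = set()
    bits = 0.0
    for w in word_tokens(passphrase):
        if w not in seen:
            seen.add(w)
            bits += bits_per_glyph * len(w)
    return bits


def report(passphrase):
    """Summary a user can compare against a shorter, non-repeating phrase."""
    words = word_tokens(passphrase)
    counts = Counter(words)
    return {
        "letters": sum(len(w) for w in words),
        "words": len(words),
        "repeated_words": sum(c - 1 for c in counts.values()),
        "naive_bits": naive_bits(passphrase),
        "estimated_bits": estimate_bits(passphrase),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE).items():
        print(f"{key:15} {value}")
```

Run it and the 145-letter sample scores 217.5 bits by the naive count but only 103.5 once repeats are discounted, which is the practical reason a long passphrase built from repeated chunks is weaker than its character count suggests.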


