Discussion:
Which Algorithm For Generating Key?
(too old to reply)
PGP Newbie
2004-10-15 08:57:13 UTC
Permalink
have been re-introduced to e-mail encryption via PGP. I haven't used it since about 1991 or so
when I had an old IBM-XT (I think it was PGP v2.6 that I had then) so I am catching up on its use
and effectiveness.

My question is, which of the five algorithms offered is the "strongest" one to use for signing and
encrypting? I've been reading the manual but it doesn't really clarify that matter. Any opinions?
Key size doesn't matter, the computer is fast.

The reason why i'm getting back into e-mail encryption..?? Two reasons:

First, it's kinda neat. I dabbled in encrytion back in the mid-1980's with an Apple ][e. We used
to experiment and share encrypted messages with a few other crypto buffs that were online during
those 300 baud BBS days. The program we used was based on the same type of operation as the
historical Enigma machine (anyone remember the name of the software..??). It was neat and majorly
pi$$ed off the SysOps of the BBS's we were on. Its use got us kicked off several of them as we
deprived a SysOps favourite passtime of reading other peoples e-mail. (evil laughter).

Second, I just discovered that passtime is still alive and well it seems. We have to use the
internal e-mail client at the school I am attending, and in a round-about way I heard that
occasionally for entertainment purposes, private e-mail is read, also supposedly there is a law
requiring schools and businesses to store e-mail history for x-amount of time (haven't determined
that yet.. seems to be 6 months to 7 years?). So it's all the more reason to establish some level
of privacy, right?

Thanks for any suggestions!
Tom McCune
2004-10-15 10:35:21 UTC
Permalink
Post by PGP Newbie
have been re-introduced to e-mail encryption via PGP. I haven't
used
it since about 1991 or so
when I had an old IBM-XT (I think it was PGP v2.6 that I had then)
so I am catching up on its use and effectiveness.
My question is, which of the five algorithms offered is the
"strongest" one to use for signing and encrypting? I've been
reading the manual but it doesn't really clarify that matter. Any
opinions? Key size doesn't matter, the computer is fast.
First, it's kinda neat. I dabbled in encrytion back in the
mid-1980's with an Apple ][e. We used to experiment and share
encrypted messages with a few other crypto buffs that were online
during those 300 baud BBS days. The program we used was based on
the same type of operation as the historical Enigma machine (anyone
remember the name of the
software..??). It was neat and majorly pi$$ed off the SysOps of
the BBS's we were on. Its use got us kicked off several of them as
we deprived a SysOps favourite passtime of reading other peoples
e-mail. (evil laughter).
Second, I just discovered that passtime is still alive and well it
seems. We have to use the internal e-mail client at the school I
am attending, and in a round-about way I heard that occasionally
for
entertainment purposes, private e-mail is read, also supposedly
there is a law requiring schools and businesses to store e-mail
history for x-amount of time (haven't determined that yet.. seems
to be 6 months to 7 years?). So it's all the more reason to
establish some level of privacy, right?
Thanks for any suggestions!
Since all the PGP options appear completely secure at this time, you
are likely to receive a variety of opinions, including that it
therefore doesn't seem to really matter. My thoughts on this are at
http://www.mccune.cc/PGPpage2.htm#Symmetric
PGP Newbie
2004-10-16 12:03:41 UTC
Permalink
Ok, thanks for the pointers. I will have to decide.. this is kind of like trying to buy a chocolate
bar at the corner store... which one do I want...??? Heheh!
PGP Newbie
2004-10-16 12:17:42 UTC
Permalink
Oops, one other question I meant to ask. How is it that your signature block is several lines and
yet the ones i've generated in tests are at most 2 lines long? Just curious about that.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm
iQEVAwUBQW+n42DeI9apM77TAQKztwf9G+mswV8HzrErXOgtQ/LR5f7EMaP3I1qr
aQNwEZSuJwzVuvEIsKCnTNK0+w+0RdHojUC6XYjTP80WW+AGGMtvbixWFq68H9Xw
F714BL6VI62K8zQJhNV9FJZL14sn6m3Q9YI9wJJ4aBcp43Z6tZsJUf0LGWKKKGKC
S1vtyaA3C+Aqou/O0QWpS1tqejpE2zPwBFUG4HIThE4/wFYXnIU9aNafGkrOeWJe
2WDv8Qc35cbL4G+cNBZs2N9g5Z5/8Yq8EbeO6d6gNQpUbEQzgWV54yJS7fuEMnuC
cmbc4DechQQh1v09txv69n06c5stiHHET8C4Sdto5YetyOm6Oh4YDg==
=s2OE
-----END PGP SIGNATURE-----
Tom McCune
2004-10-16 13:07:16 UTC
Permalink
Post by PGP Newbie
Oops, one other question I meant to ask. How is it that your
signature block is several lines and yet the ones i've generated in
tests are at most 2 lines long? Just curious about that.
I signed with an RSA key, while you sign with a DSS key. See:
http://www.mccune.cc/PGPpage2.htm#Short
--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
PGP Newbie
2004-10-16 19:57:06 UTC
Permalink
Ahh.. thank you very much for the help! I'm slowly getting the hang of this. Great website, by the
way!
Post by Tom McCune
http://www.mccune.cc/PGPpage2.htm#Short
MikeyD
2004-10-15 15:43:44 UTC
Permalink
Post by PGP Newbie
have been re-introduced to e-mail encryption via PGP. I haven't used it
since about 1991 or so
when I had an old IBM-XT (I think it was PGP v2.6 that I had then) so I am
catching up on its use and effectiveness.
My question is, which of the five algorithms offered is the "strongest"
one to use for signing and
encrypting? I've been reading the manual but it doesn't really clarify
that matter. Any opinions? Key size doesn't matter, the computer is fast.
3DES is generally considered the most secure just because so many experts
have looked at it and failed to crack it - but against that, it was
designed by the NSA.AES keys are under-strength, at the moment it's not
something to worry about (just something like effective key length=4/5 key
length) but like md5 I wouldn't trust it with anything you want to stay
secure for a while. But other than that they're all fairly strong, so take
your pick really, choose whichever you like. Personally I like CAST, as the
only criticism I've ever seen of it is that it's an ugly algorithm.
Bill Unruh
2004-10-17 20:30:16 UTC
Permalink
MikeyD <***@hotmail.com> writes:

]-----BEGIN PGP SIGNED MESSAGE-----
]Hash: SHA1

]PGP Newbie wrote:

]> have been re-introduced to e-mail encryption via PGP. I haven't used it
]> since about 1991 or so
]> when I had an old IBM-XT (I think it was PGP v2.6 that I had then) so I am
]> catching up on its use and effectiveness.
]>
]> My question is, which of the five algorithms offered is the "strongest"
]> one to use for signing and
]> encrypting? I've been reading the manual but it doesn't really clarify
]> that matter. Any opinions? Key size doesn't matter, the computer is fast.
]>
]3DES is generally considered the most secure just because so many experts
]have looked at it and failed to crack it - but against that, it was
]designed by the NSA.AES keys are under-strength, at the moment it's not
]something to worry about (just something like effective key length=4/5 key
]length) but like md5 I wouldn't trust it with anything you want to stay
]secure for a while. But other than that they're all fairly strong, so take
]your pick really, choose whichever you like. Personally I like CAST, as the
]only criticism I've ever seen of it is that it's an ugly algorithm.

Hmm. 3DES has not been looked at most. DES has, but 3DES is not DES.
3DES is almost certainly weaker than the length of its key indicates. 3DES
is probably the slowest by a long shot of the bunch.
3DES was NOT designed by the NSA. DES was designed by IBM with some
suggestions from NSA. 3DES arose naturally once it was realised how
vulnerable DES was due to its weak key.
MikeyD
2004-10-18 15:32:57 UTC
Permalink
Post by Bill Unruh
]3DES is generally considered the most secure just because so many experts
]have looked at it and failed to crack it - but against that, it was
]designed by the NSA.AES keys are under-strength, at the moment it's not
]something to worry about (just something like effective key length=4/5
key ]length) but like md5 I wouldn't trust it with anything you want to
stay ]secure for a while. But other than that they're all fairly strong,
so take ]your pick really, choose whichever you like. Personally I like
CAST, as the ]only criticism I've ever seen of it is that it's an ugly
algorithm.
Hmm. 3DES has not been looked at most. DES has, but 3DES is not DES.
3DES is almost certainly weaker than the length of its key indicates. 3DES
is probably the slowest by a long shot of the bunch.
3DES was NOT designed by the NSA. DES was designed by IBM with some
suggestions from NSA. 3DES arose naturally once it was realised how
vulnerable DES was due to its weak key.
DES is not one of the available algorithms. Of those available, I have read
the most about 3DES, and 3DES is the only one for which I have seen
detailed statistics on how much computing power it takes to do known
plaintext or pure brute force attacks. Every time I've read
recommendations, they've said that 3DES has been looked at the most. And
yes, 3DES itself was not designed by the NSA, but the NSA's involvement in
DES leads some paranoid people to suspect they may have a backdoor for DES,
which would most likely also work against 3DES.
d***@gmail.com
2013-01-25 10:14:26 UTC
Permalink
est-ce que je peut avoir les algorithmes qui sont utilisé dans le chiffrement et le déchiffrement de PGP
Loading...