[Pkg-gnupg-maint] Bug#494194: gnupg: Choice of algorithms for --symmetric is obscure

Werner Koch wk at gnupg.org
Fri Aug 8 08:44:57 UTC 2008


Hi!

You are mixing up two things:

1. The key derivation function, commonly abbreviated as KDF but in
   OpenPGP as S2K (String to Key).

2. The encryption algorithm.

The first is used to derive a key from a passphrase and the second to do
the actual encryption.  The goal of the key derivation is to make
dictionary attacks harder by introducing a salt.  This is what all
the --s2k-* options are used for.  The defaults are just fine but we provide
a method to tune them anyway.  The whole story is a bit more complicated
because pre-OpenPGP modes have to be taken into account.

Using --cipher-algo to select the actual cipher algorithm is justified
because that option may also be used to override the symmetric cipher
algorithm used with public key encryption.  Its use for symmetric
encryption is required because we have no way to deduce the algorithm
from any other information (like we do from the public key in public key
encryption).

Even if you disagree with me on the above, we can't change anything
because it would break all applications using symmetric only encryption.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.





