ietf-openpgp

Re: Using IDEA in v3-v4 algorithm conflict

2003-09-16 08:15:55



On Mon, 15 Sep 2003 21:18:05 -0700 David Shaw <dshaw(_at_)jabberwocky(_dot_)com>
wrote:

> Trying to be backwards compatible by using IDEA in an algorithm
> conflict between a V3 key and an Elgamal subkey is pointless since
> PGP 2.x won't be able to handle the message anyway due to the use of
> Elgamal.
>
> Some experimentation shows that using IDEA when having a V3<=>V4
> algorithm conflict only works if the V4 (sub)key is:
>
> a) RSA
> and
> b) <=2112 bits
>
> The above is true for MIT PGP 2.6.2 and PGP 2.6.3ia.  I don't know
> about Disastry's "2.6.3ia-multi05", or any other programs that might
> implement RFC-1991.

it is not a problem at all in Disastry's multi builds, as they accept
all symmetrical algorithms, (and all hashes),

but by default, will encrypt using idea, and sign with md5, unless configured
otherwise, or overridden at the command line
(the -j command added at the end of a command, can specify an override
and use any algorithm and hash)

Disastry's builds are capable of generating keys up to 8k,
and have no problems accepting messages simultaneously encrypted to a
4k rsa v4 key.

interestingly, it has no problem with the signature of a v4 rsa key either,
 (no alerts, flags, or error messages at all)
it just can't verify it because it won't accept a v4 rsa key into the
keyring,
but it 'asks' to do so, when given a signature from a v4 rsa key, the
same as it would from an unknown v3 rsa key

--vedaal



