Re: Security doubts on 3DES default

2017-03-16 Thread Werner Koch
On Thu, 16 Mar 2017 15:55, pe...@digitalbrains.com said:
> Perhaps we should either retire ciphers with a 64-bit block length or
> make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no
> longer up to the user to be prudent with large amounts of data.

Those who have large

RE: Security doubts on 3DES default

2017-03-16 Thread Robert J. Hansen
> Perhaps we should either retire ciphers with a 64-bit block length or make
> OpenPGP mandatorily rekey after a few gigabytes of data, so it's no longer
> up to the user to be prudent with large amounts of data.

In the next draft of the RFC, I'd like to see 64-bit-block ciphers go the way of

Re: Security doubts on 3DES default

2017-03-16 Thread Peter Lebbing
On 16/03/17 15:21, Robert J. Hansen wrote:
> -- but I'm unaware of any reason why we should not permit using 3DES as a
> symmetric cipher.

Perhaps we should either retire ciphers with a 64-bit block length or make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no longer up to

RE: Security doubts on 3DES default

2017-03-16 Thread Robert J. Hansen
> take rjh's caveat with a grain of salt -- GnuPG's interest is in protecting its
> users. If the project knows something is bad, we're going to try to protect
> users from it.

In my defense, I never said GnuPG wasn't going to try to protect users from dangerous things. I said that until the

Re: Security doubts on 3DES default

2017-03-16 Thread Daniel Kahn Gillmor
On Wed 2017-03-15 07:13:18 -0400, Werner Koch wrote:
> On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said:
>
>> So long as you understand GnuPG will not make any changes that break RFC
>> conformance... and dropping SHA1/3DES breaks RFC conformance.
>
> Well, it is possible to use
>

Re: Security doubts on 3DES default

2017-03-15 Thread Robert J. Hansen
> --weak-digest SHA1 --disable-cipher-algo 3DES

Yeah, but that's ... *bad*. Breaks most of the Web of Trust, makes most cert sigs meaningless, removes the fallback cipher ... I think this is a great example of a cure worse than the disease. :)

Phil Pennock made a post a bit ago detailing his

Re: Security doubts on 3DES default

2017-03-15 Thread Werner Koch
On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said:
> So long as you understand GnuPG will not make any changes that break RFC
> conformance... and dropping SHA1/3DES breaks RFC conformance.

Well, it is possible to use --weak-digest SHA1 --disable-cipher-algo 3DES with gpg.

Shalom-Salam,

Re: Security doubts on 3DES default

2017-03-14 Thread Robert J. Hansen
> Apart from that, as GnuPG is in a kind of symbiosis with
> OpenPGP/RFC4880, I think it's important to discuss this on this mailing
> list (as well).

So long as you understand GnuPG will not make any changes that break RFC conformance... and dropping SHA1/3DES breaks RFC conformance.

> I agree

Re: Security doubts on 3DES default

2017-03-14 Thread Ryru
Thank you Robert for your response and point of view.

On 03/13/2017 04:17 PM, Robert J. Hansen wrote:
>> According to the gpg2 man page, 3DES is added always as kind of least
>> common denominator:
>
> This is required behavior per RFC4880. Your concern should be addressed to
> the IETF OpenPGP

Re: Security doubts on 3DES default

2017-03-13 Thread MFPA
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Monday 13 March 2017 at 11:02:48 PM, in , Robert J. Hansen wrote:-

> I don't
> know how you'd
> come up with a real-world case where you'd need a
> common hash algorithm
> set for

Re: Security doubts on 3DES default

2017-03-13 Thread Robert J. Hansen
>> Again, required per the spec, and this can be
>> prevented by having one person
>> on the list use a DSA-2048/-3072 key, which forbids
>> SHA-1 usage.
>
> Really? many of the messages to the PGPNET discussion group [0] have
> SHA-1 signatures. Messages are signed and encrypted to about 30

Re: Security doubts on 3DES default

2017-03-13 Thread MFPA
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Monday 13 March 2017 at 3:17:07 PM, in , Robert J. Hansen wrote:-

> Again, required per the spec, and this can be
> prevented by having one person
> on the list use a DSA-2048/-3072 key,

Re: Security doubts on 3DES default

2017-03-13 Thread Kristian Fiskerstrand
On 03/13/2017 01:47 PM, Ryru wrote:
> Is my understanding correct or do I miss an important fact? What are
> your thoughts about this behaviour?

See section 13.2 of RFC4880, fyi the behavior changes in the context of RFC6637.

My thoughts; concerns about 3DES are premature. The focus on

RE: Security doubts on 3DES default

2017-03-13 Thread Robert J. Hansen
> According to the gpg2 man page, 3DES is added always as kind of least
> common denominator:

This is required behavior per RFC4880. Your concern should be addressed to the IETF OpenPGP working group, not to GnuPG.

> In my opinion this design decision can lead to serious security troubles. If
>

Security doubts on 3DES default

2017-03-13 Thread Ryru
Hello List

I'm new to this list and joined because I have some security doubts regarding encryption preferences (setpref/showpref).

According to the gpg2 man page, 3DES is added always as kind of least common denominator:

8<---
When setting preferences, you should list the algorithms in the