On Wed 2017-03-15 07:13:18 -0400, Werner Koch wrote: > On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said: > >> So long as you understand GnuPG will not make any changes that break RFC >> conformance... and dropping SHA1/3DES breaks RFC conformance. > > Well, it is possible to use > > --weak-digest SHA1 --disable-cipher-algo 3DES > > with gpg.
and some of us have experimented with running this kind of configuration (at the very least with --weak-digest SHA1) for quite some time now. take rjh's caveat with a grain of salt -- GnuPG's interest is in protecting its users. If the project knows something is bad, we're going to try to protect users from it. that said, data in a store-and-forward format (or for persistent backups) makes it tricky to fully remove something. Should GnuPG refuse to decrypt a symmetrically-encrypted message that uses 3DES ? probably not, but it should probably decline to generate such a thing, in the way that it defaults to generating signatures using SHA256 these days. --dkg _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users