> take rjh's caveat with a grain of salt -- GnuPG's interest is in protecting its
> users. If the project knows something is bad, we're going to try to protect
> users from it.

In my defense, I never said GnuPG wasn't going to try to protect users from dangerous things. I said that until the RFC changes, 3DES and SHA1 will remain in the codebase -- which is, I think, the correct position to take.

> probably not,
> but it should probably decline to generate such a thing, in the way that it
> defaults to generating signatures using SHA256 these days.

Why? What's the reasoning for refusing to encrypt using 3DES? I can see "we should refuse to put 3DES in any non-final position in key or cipher preferences" -- that would make sense: it's the cipher of last resort, and putting it in non-final position kind of breaks that guideline -- but I'm unaware of any reason why we should not permit using 3DES as a symmetric cipher.

3DES is slow and obnoxious but it's not unsafe. At 168 bits of key material it's actually stronger than AES128. (I'm discounting the theoretical attacks on 3DES, as they require many orders of magnitude more memory than exist in the entire world.)