[Cryptography] Which big-name ciphers have been broken in living memory?
Jerry Leichter
leichter at lrw.com
Tue Aug 19 23:09:02 EDT 2014
On Aug 17, 2014, at 3:49 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>> Just for the record: CAST5 is only used by default for symmetric only
>> encryption. This is hopefully only rarely used
>
> There's a lot of people using GPG for file encryption, which means CAST5. I
> found this out the hard way a few years ago when I removed CAST5 support (I
> was unable to identify anything other than GPG that still used it), and then
> had to quickly back out the change when people complained that they couldn't
> decrypt GPG-encrypted files any more.
*File* encryption is the easy case, since one can move the code into a "legacy support" state in which it will *decrypt* files created with any cipher at all, but will only *encrypt* with new, safe ciphers.
Unfortunately that doesn't work for communications - although it does suggest an interesting approach. Suppose you allowed each side to pick its own cipher. You connect to me and say "Hey, I still like CAST5". I turn around and say, "Fine, I guess you're willing to leak what you send - which you can do in a million ways, certainly with my own data, and even with data you send me. But even so, I choose to use AES." Certainly nowhere near ideal, but at least half the communications channel is protected - and I can use my safe connection back to you to send a message saying "Hey, idiot - how about upgrading that antique piece of leaky software?"
-- Jerry
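The two ideas in the message above, a "legacy support" state that decrypts anything but only encrypts with approved ciphers, and a channel where each side picks the cipher for the direction it sends in, can both be expressed as one small policy layer. The following is an added example, not code from this thread, from GnuPG or from any of the tools it mentions. The cipher names are treated as labels only (no cryptographic primitives are implemented here), the container header format `ALG:<name>\n` is a constructed stand-in for a real packet format, and every function name is hypothetical.

```python
"""Decrypt-any / encrypt-only-safe policy layer (added illustration).

Assumptions: cipher names are plain labels; the header format is constructed
for this example; the actual encryption primitives live elsewhere.
"""
from dataclasses import dataclass
import logging

log = logging.getLogger("cipher-policy")

# Ciphers the tool still understands for *decryption* but will never use
# to produce new ciphertext (the "legacy support" state).
LEGACY_DECRYPT_ONLY = frozenset({"CAST5", "3DES", "IDEA"})
# Ciphers the tool is allowed to *encrypt* with.
APPROVED = frozenset({"AES256", "AES128", "CHACHA20"})
DEFAULT_CIPHER = "AES256"


class PolicyViolation(Exception):
    """Raised when a request would create or open data outside the policy."""


def choose_encrypt_cipher(requested=None):
    """Pick the cipher for NEW ciphertext; legacy names are refused outright."""
    if requested is None:
        return DEFAULT_CIPHER
    if requested in APPROVED:
        return requested
    if requested in LEGACY_DECRYPT_ONLY:
        raise PolicyViolation(f"{requested} is decrypt-only; refusing to create new ciphertext with it")
    raise PolicyViolation(f"unknown cipher {requested!r}")


def classify_decrypt_cipher(name):
    """Classify the cipher found in existing data: 'approved', 'legacy', or raise."""
    if name in APPROVED:
        return "approved"
    if name in LEGACY_DECRYPT_ONLY:
        log.warning("decrypting legacy %s data; re-encrypt it with an approved cipher", name)
        return "legacy"
    raise PolicyViolation(f"unknown cipher {name!r} in data header")


# --- file case: a constructed container format "ALG:<name>\n<payload>" ---

def seal_file(payload: bytes, requested=None) -> bytes:
    """Build a container; only an approved cipher can appear in a new header."""
    cipher = choose_encrypt_cipher(requested)
    return b"ALG:" + cipher.encode() + b"\n" + payload


def open_file(blob: bytes):
    """Parse a container and return (cipher, status, payload).

    Any known cipher is accepted so old files stay readable; the status tells
    the caller whether the file should be re-encrypted.
    """
    head, sep, payload = blob.partition(b"\n")
    if not sep or not head.startswith(b"ALG:"):
        raise PolicyViolation("malformed container header")
    cipher = head[4:].decode("ascii", errors="strict")
    return cipher, classify_decrypt_cipher(cipher), payload


# --- channel case: each side chooses the cipher for the direction it sends ---

@dataclass(frozen=True)
class DirectionalSession:
    send_cipher: str        # what I encrypt outbound traffic with
    recv_cipher: str        # what the peer encrypts inbound traffic with
    inbound_weak: bool      # True when the peer insisted on a legacy cipher


def negotiate(my_preference, peer_announced):
    """Per-direction negotiation: I never send under a legacy cipher, but I
    still accept the peer's choice for what it sends me (and note the risk)."""
    send = choose_encrypt_cipher(my_preference)
    status = classify_decrypt_cipher(peer_announced)   # raises on unknown
    return DirectionalSession(send, peer_announced, status == "legacy")


if __name__ == "__main__":
    blob = seal_file(b"constructed payload")
    print(open_file(blob))
    print(negotiate("AES256", "CAST5"))
```

The key design point is that the allowlist is split by operation: `APPROVED` governs what new data may look like, while `LEGACY_DECRYPT_ONLY` only widens what can be read. Removing a cipher from the legacy set is the step that breaks old files, which is exactly the complaint Peter describes, so that set should shrink on a published schedule rather than in an ordinary code cleanup.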