[Cryptography] Which big-name ciphers have been broken in living memory?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Aug 17 11:56:56 EDT 2014


ianG <iang at iang.org> writes:

>This is engineering, right?  Once the end of life is reached, we shouldn't be
>using them.  Right?

Matthew Green actually did a good writeup on this recently in "What's the
matter with PGP?",
http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html.
Quotable quotes:

  Poking through a modern OpenPGP implementation is like visiting a museum of
  1990s crypto.

I think this applies mostly to GPG though, which still uses crazy defaults
like CAST5 as its standard cipher.

  It's one thing to provide optional backwards compatibility for that one
  friend who runs PGP on his Amiga. [...] Even if these archaic ciphers and
  formats aren't exploitable today, the current trajectory guarantees we'll
  still be using them a decade from now.

And this is exactly the problem.  I don't know what optional new ciphers we
might have available in 2020 (possibly even that newfangled thing called AES),
but I'm pretty sure the default will still be CAST5 from 1996.

Peter.
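As an added illustration of the point about defaults (this is not code from the thread or from GnuPG): the cipher a symmetrically encrypted OpenPGP message actually uses is visible in the clear in the Symmetric-Key Encrypted Session Key packet (RFC 4880 tag 3, algorithm IDs from section 9.2), so it can be checked without decrypting anything. The parser below reads OpenPGP packet headers, reports the symmetric algorithm of each SKESK packet, and flags the pre-AES 64-bit-block ciphers. The sample packet bytes are constructed to match the header layout `gpg -c` produces (version 4, iterated-and-salted S2K with SHA-1); the salt values and the trailing encrypted-data packet are dummies.

```python
# Added example, not from the original post: inspect which symmetric cipher an
# OpenPGP SKESK packet (RFC 4880 tag 3) selects and flag legacy algorithms.
import struct

SYM_ALGOS = {  # RFC 4880 section 9.2 symmetric-key algorithm IDs
    0: "Plaintext", 1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
    7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish",
}
LEGACY_64BIT_BLOCK = {1, 2, 3, 4}  # IDEA, 3DES, CAST5, Blowfish


def parse_packet_header(data: bytes, offset: int = 0):
    """Return (tag, body_offset, body_length) for the packet at offset."""
    first = data[offset]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header (bit 7 clear)")
    if first & 0x40:  # new-format header: tag in low 6 bits
        tag = first & 0x3F
        b = data[offset + 1]
        if b < 192:
            return tag, offset + 2, b
        if b < 224:
            return tag, offset + 3, ((b - 192) << 8) + data[offset + 2] + 192
        if b == 255:
            return tag, offset + 6, struct.unpack(">I", data[offset + 2:offset + 6])[0]
        raise ValueError("partial body lengths not handled in this example")
    tag = (first >> 2) & 0x0F  # old-format header: tag in bits 5..2
    ltype = first & 0x03
    if ltype == 0:
        return tag, offset + 2, data[offset + 1]
    if ltype == 1:
        return tag, offset + 3, struct.unpack(">H", data[offset + 1:offset + 3])[0]
    if ltype == 2:
        return tag, offset + 5, struct.unpack(">I", data[offset + 1:offset + 5])[0]
    raise ValueError("indeterminate length not handled in this example")


def skesk_cipher(packet: bytes):
    """Return (algo_id, algo_name, is_legacy) for a version-4 SKESK packet."""
    tag, body, _length = parse_packet_header(packet)
    if tag != 3:
        raise ValueError(f"expected SKESK (tag 3), got tag {tag}")
    version, algo = packet[body], packet[body + 1]
    if version != 4:
        raise ValueError(f"unsupported SKESK version {version}")
    return algo, SYM_ALGOS.get(algo, f"unknown({algo})"), algo in LEGACY_64BIT_BLOCK


def walk_packets(data: bytes):
    """Yield (tag, whole_packet_bytes) for each packet in a packet stream."""
    off = 0
    while off < len(data):
        tag, body, length = parse_packet_header(data, off)
        end = body + length
        yield tag, data[off:end]
        off = end


def ciphers_in_stream(data: bytes):
    """List (algo_name, is_legacy) for every SKESK packet in the stream."""
    return [skesk_cipher(pkt)[1:] for tag, pkt in walk_packets(data) if tag == 3]


# Constructed sample packets (salt bytes are dummies, count octet 0x60).
SALT = bytes(range(8))
# old-format header 0x8c = tag 3, one-octet length; body: v4, CAST5, S2K type 3, SHA-1
CAST5_SKESK = bytes([0x8C, 0x0D, 0x04, 0x03, 0x03, 0x02]) + SALT + b"\x60"
# new-format header 0xc3 = tag 3; body: v4, AES-256, S2K type 3, SHA-1
AES256_SKESK = bytes([0xC3, 0x0D, 0x04, 0x09, 0x03, 0x02]) + SALT + b"\x60"
# a dummy tag-18 (encrypted data) packet following the session-key packet
DUMMY_SEIP = bytes([0xD2, 0x04, 0xDE, 0xAD, 0xBE, 0xEF])
SAMPLE_STREAM = CAST5_SKESK + DUMMY_SEIP

if __name__ == "__main__":
    for name, legacy in ciphers_in_stream(SAMPLE_STREAM):
        print(f"session key packet cipher: {name}{'  (legacy 64-bit block)' if legacy else ''}")
```

`gpg --list-packets` reports the same field (`cipher` in its `symkey enc packet` line), so the parser is only needed when GnuPG is not at hand or when scanning many files. Note that this check applies to symmetrically encrypted messages only: for public-key encrypted messages (tag 1) the cipher choice sits inside the encrypted session key and is not visible without the recipient's private key.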

