[Cryptography] Which big-name ciphers have been broken in living memory?

Werner Koch wk at gnupg.org
Mon Aug 18 03:05:23 EDT 2014


On Sun, 17 Aug 2014 21:49, pgut001 at cs.auckland.ac.nz said:
> Werner Koch <wk at gnupg.org> writes:
>
>>Just for the record: CAST5 is only used by default for symmetric only
>>encryption.  This is hopefully only rarely used 
>
> There's a lot of people using GPG for file encryption, which means CAST5.  I
> found this out the hard way a few years ago when I removed CAST5 support (I
> was unable to identify anything other than GPG that still used it), and then

   Implementations MUST implement TripleDES.  Implementations SHOULD
   implement AES-128 and CAST5.  [...]

Thus you should have kept it for decryption and for being able to import
GPG-generated secret keys.

It is funny that people loudly complain that RSA-2048 is not good enough
but never requested to change the default symmetric algorithm.  Well,
except for a request last week where all kinds of stuff should be changed
(e.g. CAST5 -> AES-256, where the latter is a MAY implement algorithm).

Thanks for your remark - I will do the switch to AES-128 for 2.1.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


