[Cryptography] Which big-name ciphers have been broken in living memory?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Aug 24 13:22:16 EDT 2014


Werner Koch <wk at gnupg.org> writes:

>It is funny that people loudly complain that RSA-2048 is not good enough but
>never requested to change the default symmetric algorithm.

Yeah, that's an example of the problem that several people pointed out in the
"Encryption opinion" thread, people obsess over whatever value has the biggest
magnitude (in this case public key sizes) and ignore everything else.  The EU
has moved to ban vacuum cleaners over 1600W because of a numbers race (people
equate larger power draw -> better clean, vendors oblige by shipping power-
guzzling cleaners whose main noticeable difference is that they make more
noise than more economical ones), so that now cleaners will be rated on
(shock, horror) actual cleaning performance rather than how much power they
burn.  Perhaps the EU could do the same for crypto as well, you can't enable
ridiculous key sizes until you can demonstrate that the rest of your crypto
and surrounding software provides equivalent strength.

(Oh, and I filed a request to move to AES as the default in 2011, subject "Why
does GPG still default to the 15-year-old CAST5 for everything?", so people
have asked for this to be fixed).

Peter.

