RC2 in libgcrypt
Tue, 24 Jun 2003 10:09:46 +0300
On Tue, Jun 24, 2003 at 08:43:25AM +0200, Werner Koch wrote:
> > Is there any chance into including RC2 in libgcrypt? Without
> > it, it is not possible to create a real pkcs-12 packet parser.
> As I already told here, PC2 is patented and anyway obsolete. We won't
No RC2 is not patented. As far as I know it has the same status as RC4
(was a trade secret). There is also an informational RFC on it
> include it. Furthermore importing a 40 bit RC2 encoded certificate
> is really silly as this can be broken trivially and it must be assumed
> that such a certificate has already ben compromised.
Certificates do not need much protection, that's why the browsers use
weak encryption on them. The only thing protected in a PKCS12 structure
with strong encryption is the private key.
> > An RC2 implementation under the public domain can be found at:
> > ftp://ftp.funet.fi/pub/crypt/cryptography/symmetric/rc2/rrc2.tar.gz
> There is nothing like public domain in most European countries and
> such the legel status of such an implementation might get us in trouble
> later on.
Well not having RC2 means that the whole work I've done on PKCS12
packets is useless, since I cannot decrypt them.
> Werner Koch <firstname.lastname@example.org>
> The GnuPG Experts http://g10code.com
> Free Software Foundation Europe http://fsfeurope.org