gpgsm 1.9.22 supports no RC2 Algorithm ?

Nicholas Sushkin nsushkin at
Fri May 4 15:07:20 CEST 2007

On Friday 04 May 2007 04:17, Werner Koch wrote: 

> On Thu,  3 May 2007 22:34, nsushkin at said:
> > There has been a bug filed today in Mozilla bugzilla,
> > If any of you can
> > vote, track, or help troubleshoot the issue, the affected users
> > (including me) will greatly appreciate.
> The issue is simply that Mozilla allows (and even worse, sometimes
> forces) the use of RC2.  This should be fixed asap in Mozilla.
> I consider any application using RC2 for encryption not only broken but
> playing a false game with its users by telling them: Your mail has been
> encrypted.  They are not telling them that it is the "NSA approved" 40
> bit cipher used in the dark ages for US-exportable software.
> Go and drop RC2!


Did you read the bug report? There may be another problem with the 
encryption protocol negotiation between gpgsm and Thunderbird.

Dropping RC2 has also been requested via a different Thunderbird bug, 
The bug status indicates that it has been assigned to a developer on May 
1st. I think it's pretty clear to many that the weak algorithm shouldn't be 
supported and they are working on it. But I think that Thunderbird 
developers may use help of gpgsm developers if you have anything to say 
about the protocol negotiation. See Nelson Bolyard's analysis at 

Thank you.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1388 bytes
Desc: not available
Url : /pipermail/attachments/20070504/3d0e6014/attachment.bin 

More information about the Gnupg-devel mailing list