gpgsm 1.9.22 supports no RC2 Algorithm ?
nsushkin at sushkins.net
Fri May 4 15:07:20 CEST 2007
On Friday 04 May 2007 04:17, Werner Koch wrote:
> On Thu, 3 May 2007 22:34, nsushkin at sushkins.net said:
> > There has been a bug filed today in Mozilla bugzilla,
> > https://bugzilla.mozilla.org/show_bug.cgi?id=379625. If any of you can
> > vote, track, or help troubleshoot the issue, the affected users
> > (including me) will greatly appreciate.
> The issue is simply that Mozilla allows (and even worse, sometimes
> forces) the use of RC2. This should be fixed asap in Mozilla.
> I consider any application using RC2 for encryption not only broken but
> playing a false game with its users by telling them: Your mail has been
> encrypted. They are not telling them that it is the "NSA approved" 40
> bit cipher used in the dark ages for US-exportable software.
> Go and drop RC2!
Did you read the bug report? There may be another problem with the
encryption protocol negotiation between gpgsm and Thunderbird.
Dropping RC2 has also been requested via a different Thunderbird bug,
The bug status indicates that it has been assigned to a developer on May
1st. I think it's pretty clear to many that the weak algorithm shouldn't be
supported and they are working on it. But I think that Thunderbird
developers may use help of gpgsm developers if you have anything to say
about the protocol negotiation. See Nelson Bolyard's analysis at
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1388 bytes
Desc: not available
Url : /pipermail/attachments/20070504/3d0e6014/attachment.bin
More information about the Gnupg-devel