IDEA isn't magic (was Re: gnupg1 still needed?)

David Shaw dshaw at jabberwocky.com
Fri Jul 18 17:23:45 CEST 2008


On Fri, Jul 18, 2008 at 03:18:11PM +0200, Klaus Singvogel wrote:
> Werner Koch wrote:
> > On Fri, 18 Jul 2008 11:46, kssingvo at suse.de said:
> > 
> > > But I noticed that gpg1 could support old PGP keys, if module idea is
> > > added. On the other side gpg2 it seems that gpg2 is capable to support
> > 
> > I wonder why you ask.  It is not possible for SuSE to include any such
> > support for an outdated, useless and patented cipher algorithm.
> 
> Thats our problem: we cannot support/distribute algorithms with a
> patent-fee. :-)
> 
> But I think, I should have deleted my .signature, as I was speaking
> out of personal interests and not for my company. Please note either
> that SUSE Linux dropped the support for gpg1 since 10.3 (Oct 2007),
> and is shipping gpg2 only now. Sorry for my mistake.
> 
> The reason is that people came every then and a while to me and ask me
> how to use the exact algorithms, why Phil Zimmerman got accused for
> their release in the Usenet.

In that case, shouldn't you be pointing them to BassOmatic? ;)

http://en.wikipedia.org/wiki/BassOmatic

> As it is still not known how to break RSA and IDEA, people still
> want only to use (insist on?) algorithms the NSA showed the only
> time nervousness in the past.

This is silly.  IDEA has not been broken, but then neither has 3DES.
3DES (1978) has been studied a lot longer, and withstood far more
attacks than IDEA (1991).

David



More information about the Gnupg-devel mailing list