Beyond Curve25519

Robert J. Hansen rjh at
Fri Jan 16 18:16:41 CET 2015

> Symmetric encryption performance is actually a problem because the
> CFB mode of OpenPGP along with the SHA-1 MDC imposes a limit which
> could be lifted by using a different encryption mode.

Unrelated to the thread, but -- Werner, refresh my memory a moment here.
 Back before PGP implemented Twofish (with ... 7.0, if memory serves),
OpenPGP's CFB mode was basically a tweaked CFB64.  Now that most of the
ciphers in OpenPGP support 128-bit blocks, what's the current mode?
Still tweaked CFB64, or tweaked CFB128?  Or does it keep CFB64 for
64-bit ciphers, and CFB128 for 128-bit ciphers?

(Note to everyone currently panicking about the mention of "64-bit
ciphers" in OpenPGP: this is talking about how many bits the cipher
processes at a time, *not* the size of the key.  All the symmetric
ciphers in OpenPGP support at least 128-bit keys, but some of them
process data 64 bits at a time.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20150116/ca042b78/attachment.bin>

More information about the Gnupg-devel mailing list