next AE cipher COLM?

Robert J. Hansen rjh at
Thu May 17 20:16:17 CEST 2018

> And please don't mention GCM - counter based algorithms are way too
> brittle for solid cryptography.  Remember the RC4 lessons.

To say nothing of the implementation difficulty.  The more complex the 
algorithm, the less the chance it'll be implemented correctly.  As 
someone who's implemented GCM a couple of times, it's not a simple mode.
It's tremendously fiddly.  Complicated code leads to complicated
failure modes and testing difficulties.

