Wed, 15 Sep 1999 17:57:07 +0200 (MET DST)
Werner Koch wrote:
> Don't let Ascom know this. They even require license fees when IDEA
> is used by charities.
I doubt they will go after all pgp 2.x users.
> There is a reason for displaying the message
> "Experimental algorithms should not be used"
I commented that message out in the gpg source code, together with the ones
about deprecated algorithms... :-)
> the identifiers used to describe the algorithms are not standard and
> there will be interoperability with other implementations or versions of
> a software.
I know, but I guess that someone using it will not change the identifiers by
> > 2.x compatibility is required since some of my correspondents use 2.x
> > versions and I don't want to force them to upgrade. However I consider
> > changing to a pgp 5 compatible key because the MD5 algorithm is not really
> > considered safe anymore. Being compatible when just using conventional
> That is simply not true.
What is simply not true?
> There is evidence that in the near future
> the calculation of collisions may be done on regular basis and
> therefore you should not use it in DL signature algorithm, because
> this could compromise your secret key.
When using a pgp 5 compatible key I use SHA-1, that's OK I thought?
However, encrypting messages is far more important to me than signing.
> One solution for the PGP 2 compatibility is to tweak PGP 2 to use CAST5
> instead of IDEA:
Would that be stronger in combination with the MD5 hash in pgp 2?
> If you have such a PGP 2 you can still use
> your RSA keys there is no need to worry about the IDEA patent.
I don't worry about patents anyway.
ir. J.C.A. Wevers // Physics and science fiction site:
firstname.lastname@example.org // http://www.xs4all.nl/~johanw/index.html
Finger email@example.com for my PGP public key. PGP-KeyID: 0xD42F80B1