getting rid of blowfishes (was Re: Windoze PGP Compatability)

L. Sassaman
Fri, 28 Apr 2000 12:30:50 -0700 (PDT)

Hash: SHA1

On Thu, 27 Apr 2000, Pete Chown wrote:

> L. Sassaman wrote:
> > That should disable ElGamal signing keys, which are
> > too insecure to be trusted.
> I thought GnuPG now avoided all the known problems with ElGamal
> signing. Is this not the case?
Yes, it does. So if you only plan to correspond with other GnuPG users, you are probably okay (unless there are more problems with ElGamal we aren't aware of yet, which would not surprise me). But I can't see the point in using ElGamal, when there are no advantages over DSS/DH, you have to trust the implementors to do it correctly (and conceivably, your correspondent could be using something other than GnuPG that doesn't implement it securely). And the topic of discussion was originally Windows PGP compatability; PGP doesn't and will never support ElGamal signing. A debate about the merits of ElGamal keys is probably not what this list is for, and definately not what I want to create, however. - --Len. __ L. Sassaman System Administrator | Technology Consultant | [This space for rent] icq.. 10735603 | pgp.. finger:// | -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5Ceb3PYrxsgmsCmoRAnGYAJ9rAJq96FO38tb2TuluIGxUakjIZQCgwgHD zpNJC/QKtb5R7J1uitZh2TE= =kkqp -----END PGP SIGNATURE-----