getting rid of blowfishes (was Re: Windoze PGP Compatability)
Fri, 28 Apr 2000 12:30:50 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 27 Apr 2000, Pete Chown wrote:
> L. Sassaman wrote:
> > That should disable ElGamal signing keys, which are
> > too insecure to be trusted.
> I thought GnuPG now avoided all the known problems with ElGamal
> signing. Is this not the case?
Yes, it does. So if you only plan to correspond with other GnuPG users,
you are probably okay (unless there are more problems with ElGamal we
aren't aware of yet, which would not surprise me). But I can't see the
point in using ElGamal, when there are no advantages over DSS/DH, you have
to trust the implementors to do it correctly (and conceivably, your
correspondent could be using something other than GnuPG that doesn't
implement it securely). And the topic of discussion was originally Windows
PGP compatability; PGP doesn't and will never support ElGamal signing.
A debate about the merits of ElGamal keys is probably not what this list
is for, and definately not what I want to create, however.
System Administrator |
Technology Consultant | [This space for rent]
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi |
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
-----END PGP SIGNATURE-----