getting rid of blowfishes

Werner Koch wk@gnupg.org
Sun, 30 Apr 2000 14:25:20 +0200


On Thu, 27 Apr 2000, Pete Chown wrote:


> I thought GnuPG now avoided all the known problems with ElGamal
> signing. Is this not the case?
ElGamal S+E keys are fully OpenPGP compatible and GnuPG avoids the problems. I don't suggest to use them, however some folks feel like it is a good idea to have a fallback algorithm. Blowfish is a well respected algorithm and has been used by the first PGP 5 version. It is faster than CAST-5 and OpenPGP compatible. Twofish is not yet OpenPGP and not in wide use mainly because NAI refused to accept most OpenGPG WG suggestions because they don't want to implement it in their product. GnuPG is not PGP nor an NAI product but an OpenPGP implementation; so there is no reason to head for PGP x.x compatibilty. NAI is selling a proprietary product - GnuPG is free software. The GNU project is doing software to create a free operating system and not to compete with proprietary products. If NAI wants to be compatible to GnuPG, they should fix PGP: I guess they have far more developers than we. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email wk@openit.de D-40233 Duesseldorf http://www.openit.de