getting rid of blowfishes
Werner Koch
wk@gnupg.org
Sun, 30 Apr 2000 14:25:20 +0200
On Thu, 27 Apr 2000, Pete Chown wrote:
> I thought GnuPG now avoided all the known problems with ElGamal
> signing. Is this not the case?
ElGamal S+E keys are fully OpenPGP compatible and GnuPG avoids the
problems. I don't suggest to use them, however some folks feel like
it is a good idea to have a fallback algorithm.
Blowfish is a well respected algorithm and has been used by the first
PGP 5 version. It is faster than CAST-5 and OpenPGP compatible.
Twofish is not yet OpenPGP and not in wide use mainly because NAI
refused to accept most OpenGPG WG suggestions because they don't want
to implement it in their product.
GnuPG is not PGP nor an NAI product but an OpenPGP implementation; so
there is no reason to head for PGP x.x compatibilty. NAI is selling a
proprietary product - GnuPG is free software. The GNU project is
doing software to create a free operating system and not to compete
with proprietary products. If NAI wants to be compatible to GnuPG,
they should fix PGP: I guess they have far more developers than we.
Werner
--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de