getting rid of blowfishes

L. Sassaman
Tue, 2 May 2000 12:59:23 -0700 (PDT)

Hash: SHA1

On Tue, 2 May 2000, Simpson, Sam wrote:

> Fortunately the GnuPG crowd appear to be more technically competent
> (probably because it runs on Linux and users are already technically aware I
> guess) so there is less of an issue with GnuPG users creating non-compatible
> keys inappropriately.
Yeah, but then there are all those RedHat users. <ducks>
> Don't tell me that finally, 3 or 4 months before AES is finally selected,
> PGP will start implementing Twofish which most likely will not be selected
> as the final algorithm?
I said nothing to that extent. But, just for the sake of argument (note that none of this should be interpretted as anything more than theory), the working group has already assigned 256 bit Twofish its own packet ID, so that it could be implemented in addition to AES.
> I personally disagreed with the implementation of Twofish anyway (block
> cipher strength is certainly not the weakest part of OpenPGP...), but I
> think it's *extremely* poor timing to introduce it this late in the day
> prior to the selection of AES.
Again, this has nothing to do with AES.
> You will then no doubt have the newbies asking "which is best, Twofish or
> AES?" where the answer should be damn obvious.
> To quote Schneier (Oct '99) "Twofish is really too new to be used." - and
> you guys are fielding it in a production system? ;)
I never said that. However, you're glossing over the fact that GnuPG uses it...
> > I have to disagree slightly with this. I think it is
> > important for both
> > the PGP developers and the GnuPG developers to strive for
> > compatability
> > with each other's product. Fragmenting the OpenPGP community
> > is not a good thing, for anyone involved.
> Agree 100%!
- --Len. __ L. Sassaman System Administrator | Technology Consultant | "To hold a pen is to be at war." icq.. 10735603 | pgp.. finger:// | --Voltaire -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5DzOjPYrxsgmsCmoRAmiPAJwPhZTc9pXeLUCbNaY+siX72uiytQCePqgu MdFXrnfbcQ+yIE+Yxyvl8IU= =TX9I -----END PGP SIGNATURE-----