Twofish, Blowfish no recommended cipher anymore ?!

David Shaw dshaw@jabberwocky.com
Sun Jul 13 16:19:11 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Jul 11, 2003 at 04:20:00PM +0200, Johan Wevers wrote:
> 1228EB6 wrote:
> 
> >Can the users be confident that GnuPG never drops those ciphers which 
> >may never be supported by PGP (in the case of Blowfish), but have 
> >(almost) always been a part of GnuPG ?
> 
> I hope not, although one never knows. If the OpenPGP forum drops support,
> the gnupg developers might as well (see the Tiger hash :-( ), and with
> the plugin system gone there's no easy way to re-add them.

The plugin system didn't make it easy to add new algorithms to GnuPG
(it's free software - you could always add new algorithms).  The
plugin system just made it easy to distribute the plugins separately
from GnuPG.

Also, keep in mind that OpenPGP never really supported Tiger.  There
was no OID specified, and so it was supported in GnuPG with a
nonstandard OID.  This means that no other OpenPGP program (unless
they used the same nonstandard implementation) would be able to verify
Tiger signatures from GnuPG.

Back then, Tiger was the largest hash in GnuPG.  That is no longer
true.  Tiger is a 192-bit hash.  Today, GnuPG supports SHA-256,
SHA-384, and SHA-512 - a good bit longer than Tiger.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE/EWmK4mZch0nhy8kRAjIyAJ9EpzrYFiWaC6HHjeBocOvSpmP6EACg4ASc
2yNd3CCipe8XO5frP3oMDSY=
=g6/s
-----END PGP SIGNATURE-----