Twofish, Blowfish no recommended cipher anymore ?!

David Shaw
Mon Jul 14 08:14:05 2003

Hash: SHA1

On Sun, Jul 13, 2003 at 05:40:10PM +0200, Johan Wevers wrote:
> David Shaw wrote:
> >The plugin system didn't make it easy to add new algorithms to GnuPG
> >(it's free software - you could always add new algorithms).
> Of course I can. But with the plugins, it was easier - you didn't
> have to recompile gnupg and make changes to lots of files for adding
> an algorithm.

Right, but that's still mostly a distribution thing (you need to get
the users of your new algorithm to patch their GnuPG source, and
rebuild).  For the developer, you certainly aren't rebuilding the
entire tree each time you make a change.  Or if you are, you need a
better implementation of 'make' ;)

> >Back then, Tiger was the largest hash in GnuPG.  That is no longer
> >true.  Tiger is a 192-bit hash.  Today, GnuPG supports SHA-256,
> >SHA-384, and SHA-512 - a good bit longer than Tiger.
> Support for them is currently read-only, so this support is useless
> if you want to really use these hashes. Although I have not (yet)
> figured out how difficult it is to change that in the source to rw
> support.

Internally, the support is complete.  The restriction is that the user
cannot specify the new SHAs via --digest-algo.  If a key has a digest
preference for one of the new SHAs, then GnuPG will follow it.  The
reason for this is so that we can get a code base that understands the
new hashes out there before people start generating them.  We're
trying to avoid compatibility problems.  Incidentally, PGP 8 supports
SHA256 (but not 384 or 512) read-only as well.

I'm actually a little surprised (though pleased) at how few people
immediately removed the read-only restriction as soon as they
downloaded GnuPG.  The code is trivial to enable, though it is right
below a comment from me asking the user not to enable it :)

Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at