libcrypt and RC2 revisited

Sven Fischer sepreh at gmx.de
Wed Jul 27 23:01:29 CEST 2005


Werner Koch wrote:

> On Tue, 26 Jul 2005 19:22:06 +0200, Zeljko Vrba said:
> 
>> Ugh, I hope that you'll _never,ever_ allow such low-grade insecure
>> algorithms in gpg or anything related to it, no matter what the public
>> demand is.
> 
> For sure not in an application like gpg.  However for certain tools
> (e.g. a crypto workbench) it makes sense to have even very simple
> ciphers.

Also, it isn't our fault, that M$ does use such simple crypto algorithms. I
personally share this opinion, but only for the encryption side. For
decryption, I don't understand why it should be a problem.

A problem is, that an user new to the Unix world wants to decrypt the
messages sent to them, regardless of the encryption system the sender used.
And since the gnupg solution is used by the popular KMail of KDE, no KMail
user is able to decrypt this Outlook crap sent to them. Is telling the
Outlook users to use another mail program or use no encryption at all the
solution? I don't think so. I even tried to convince Outlook to use 3des,
but couldn't figure out how to do that.

So, thanks for the explanation, keep up the good work.

Greetings,
Sven

-- 
Sven Fischer -- Moitzfeld 47, 51429 Bergisch Gladbach, Germany
                Tel./Fax: +49-(0)2204-480985
                sepreh at gmx.de





More information about the Gnupg-users mailing list