libcrypt and RC2 revisited

Zeljko Vrba zvrba at globalnet.hr
Thu Jul 28 10:36:11 CEST 2005


Sven Fischer wrote:
>
> Also, it isn't our fault, that M$ does use such simple crypto algorithms. I
> personally share this opinion, but only for the encryption side. For
> decryption, I don't understand why it should be a problem.
>
For decryption there is no problem, of course. As for encryption.. it is
impossible to misuse a feature (even accidentaly!) which simply is not
present :) that was my reasoning behind the comment.


> user is able to decrypt this Outlook crap sent to them. Is telling the
> Outlook users to use another mail program or use no encryption at all the
> solution? I don't think so. I even tried to convince Outlook to use 3des,
> but couldn't figure out how to do that.
>
that setting is hidden deep somewhere in account settings. but are you
talking about S/MIME or GPG?

IMHO, outlook users that are using GPG are pretty 'advanced' users
(compared to rest of them). AFAIK, Outlook makes it easy to use X.509
but you have to have some kind of plugin for GPG, no? and GPG (except
the experimental one) can't yet handle S/MIME. So linux mail readers
have to use something else besides GPG for S/MIME.. and then I don't see
how not incorporating RC2 into GPG even for decryption is a problem..

am I missing something here?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050728/6cadf8c5/signature-0001.pgp


More information about the Gnupg-users mailing list