Johan Wevers johanw at
Thu Jun 2 15:47:28 CEST 2005

Sascha Kiefer wrote:

>Well, a bank might send confidential data to there customers.
>And the country of the bank - like luxembourg - enforces by law that 
>confidential data must be
>encrypted using at least AES then the banks policy must be setup this way.

"At least". Does the bank has contracted anyone with enough knowledge
of cryptography to make educated assumptions about the strength of the
different algorithms in GnuPG? Rijndael also has its weaknesses, wether
it will remain as strong as the other ciphers with equal key length
remains to be seen.

BTW, are those laws there really that detailed? Does it mean that if
Rijndael gets broken sending it in any weak cipher would suffice?

ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at   //
PGP/GPG public keys at

More information about the Gnupg-users mailing list