Question about history of hash and cipher collections

Robert J. Hansen rjh at
Mon Jan 14 05:46:18 CET 2008

Kevin Hilton wrote:
> I can see you seem to know a lot about gpg -- thanks.

He should; he's one of the GnuPG authors.

> Just a question, b/c from my very elementary understanding of
> ciphers, it seems like serpent is a very secure standard.

Serpent was developed by some very smart people.  However, /all/ the AES
finalists were considered to be very competent designs.  What caused
NIST to select Rijndael over Serpent were factors other than
security--speed, ability to fit in a smart card, key agility, etc.

(Rijndael, pronounced "rain-doll", was ultimately selected to become
AES.  When talking about the history of AES, it's helpful to call it by
its old name.)

> I believe looking at the source code (either in pgg or pgp2 -- I cant
> remember) I even saw a serpent.c file.

It wasn't in pgp 2.x, since Serpent came out almost a decade after pgp
2.x.  There has never been an official GnuPG build that has supported
Serpent, to the best of my knowledge.

More information about the Gnupg-users mailing list