Question about history of hash and cipher collections

David Shaw dshaw at jabberwocky.com
Mon Jan 14 23:56:35 CET 2008


On Mon, Jan 14, 2008 at 10:17:24PM +0100, Jorgen Christiansen Lysdal wrote:
> Werner Koch wrote:
>> Meanwhile it had turned out that the
>> preference system works quite well ...)
>
> Which leads me to a question. Since I don't like that gpg falls back to 
> 3DES if a cipher cannot be agreed upon, would it be possible to change it 
> to AES256 or something in a relatively easy way? Maybe a small change to 
> the source, and building it myself? (BTW, thanks for gpg4win making it easy)

You could, but the end result would not interoperate with the rest of
the world.

For example, if you tried to send an encrypted message to someone who
hadn't hacked their GPG and had preferences of (for example) "TWOFISH,
CAST5, IDEA", your copy would pick AES256... and your message would
not be readable.

It doesn't matter all that much what the "cipher of last resort"
actually *is*, but it's absolutely vital that everyone has the *same*
one.  RFC-2440 and 4880 require 3DES for this reason.

Besides, 3DES has been around for longer than any other cipher in
OpenPGP, been studied and attacked far more, and still hasn't fallen.
The only thing wrong with it is that it's slow.  And I doubt you'd
notice the speed issue unless you're running on a very slow machine,
or sending very large messages.

David
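A small model of the preference negotiation described above, added here as an example (not code from the thread or from GnuPG). It uses the RFC 4880 symmetric algorithm IDs, treats the first preference list as the sender's own, and resolves ties by that list's order, which is a simplification of what GnuPG actually does.

```python
# OpenPGP symmetric-key algorithm IDs (RFC 4880, section 9.2)
ALG_NAMES = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH"}

# RFC 4880 section 13.2: 3DES is the MUST-implement cipher and is
# implicitly at the end of every preference list that omits it.
MUST_IMPLEMENT = 2


def effective_prefs(prefs, fallback=MUST_IMPLEMENT):
    """Preference list with the implicit cipher of last resort appended."""
    prefs = list(prefs)
    if fallback not in prefs:
        prefs.append(fallback)
    return prefs


def choose_cipher(pref_lists, fallback=MUST_IMPLEMENT):
    """Pick the first cipher in the first (sender's) effective list that every
    other party's effective list also contains.  `fallback` is what this
    implementation believes the implicit last-resort cipher to be."""
    lists = [effective_prefs(p, fallback) for p in pref_lists]
    common = set(lists[0])
    for other in lists[1:]:
        common &= set(other)
    for alg in lists[0]:
        if alg in common:
            return alg
    raise ValueError("no common cipher")  # unreachable while all share a fallback


def can_decrypt(recipient_prefs, alg, fallback=MUST_IMPLEMENT):
    """A conforming recipient can read a message iff the cipher is in its effective list."""
    return alg in effective_prefs(recipient_prefs, fallback)


def negotiate(sender_prefs, recipient_prefs, sender_fallback=MUST_IMPLEMENT):
    """Sender chooses using its own idea of the fallback; recipient is unmodified.
    Returns (chosen cipher name, whether the recipient can decrypt)."""
    alg = choose_cipher([sender_prefs, recipient_prefs], sender_fallback)
    return ALG_NAMES[alg], can_decrypt(recipient_prefs, alg)


if __name__ == "__main__":
    # Constructed preference lists: sender prefers AES only, recipient is the
    # "TWOFISH, CAST5, IDEA" example from the message above.
    sender, recipient = [9, 8, 7], [10, 3, 1]
    print("standard fallback:", negotiate(sender, recipient))        # ('3DES', True)
    print("patched to AES256:", negotiate(sender, recipient, 9))     # ('AES256', False)
```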


