Question about history of hash and cipher collections

vedaal at vedaal at
Tue Jan 15 17:08:28 CET 2008

David Shaw dshaw at
wrote on Mon Jan 14 23:56:35 CET 2008 :

>It doesn't matter all that much what the "cipher of last resort"
>actually *is*, but it's absolutely vital that everyone has the 
>one.  RFC-2440 and 4880 require 3DES for this reason.

have often wondered about this,

if this is so,
wouldn't it make more sense to have gnupg use 3DES as the default 
cipher instead of CAST-5

it might have made sense historically when pgp moved to version 5 +,
and used CAST-5 as default, that gnupg used CAST-5 as the default 
cipher to protect the secret key, and also the default cipher for 

(i haven't used pgp for a long time now,
[ since 8.x ],
so i don't know for sure, 
but i don't think they still use CAST-5 as a default,

but in any event,
if 3-DES is the 'open-pgp must implement'
it would make more sense to start using it as the secret key 
(or at least, as the symmetrical encryption default, unbundled from 
being the same as the cipher for the secret key) )

for practical purposes, it can be done easily enough by using gnupg 
and isn't a 'priority' issue,
but was curious if there is any reason that gnupg doesn't want to 
3-DES the default

Boost your business with a small business loan. Click now!

More information about the Gnupg-users mailing list