Question about history of hash and cipher collections

David Shaw dshaw at
Tue Jan 15 18:09:49 CET 2008

On Tue, Jan 15, 2008 at 11:08:28AM -0500, vedaal at wrote:
> David Shaw dshaw at
> wrote on Mon Jan 14 23:56:35 CET 2008 :
> >It doesn't matter all that much what the "cipher of last resort"
> >actually *is*, but it's absolutely vital that everyone has the 
> *same*
> >one.  RFC-2440 and 4880 require 3DES for this reason.
> have often wondered about this,
> if this is so,
> wouldn't it make more sense to have gnupg use 3DES as the default 
> cipher instead of CAST-5
> it might have made sense historically when pgp moved to version 5 +,
> and used CAST-5 as default, that gnupg used CAST-5 as the default 
> cipher to protect the secret key, and also the default cipher for 
> encryption,

GPG does use 3DES as the default cipher for encryption.  That behavior
is required by OpenPGP.

There is no OpenPGP requirement for secret key protection (there are
few interoperability issues there), so CAST5 is as good as anything
else.  For what it's worth, if you set --openpgp mode, the secret key
protection cipher does switch to 3DES.


More information about the Gnupg-users mailing list