Changes in 1.4.10

David Shaw dshaw at
Mon Aug 17 17:43:37 CEST 2009

On Aug 17, 2009, at 2:45 AM, Faramir wrote:

> Werner Koch escribió:
>> Noteworthy changes in version 1.4.10 (unreleased)
>  I remember there were some improvements in the way the preferred
> algorithms for encryption are chosen... Are these changes included in
> this new version?

Yes.  I'll add a note to the NEWS file about it.

For the archive: the changes are that GPG now scores the preferred  
algorithms, so (for example) if there are 3 recipients, and two of the  
three vote for AES128 and one of the three votes for AES256, then the  
algorithm chosen will be AES128.  However, despite the occasional  
confusion on this point, keep in mind that this behavior is not  
required by the standard, so don't expect everyone else to do what GPG  
is doing here.  Not every OpenPGP implementation does ranking.  The  
only requirement is that each implementation picks an algorithm that  
is supported by all recipients, and beyond that, the implementation  
can choose however it likes.  It is thus legal to just force every  
message to use 3DES and never even look at the preferences.  So long  
as all recipients support them, it is even legal, though perhaps  
silly, to pick AES128 on Mondays, CAST5 on Tuesdays, but AES256 only  
on alternate Thursdays in months with the letter "r" in them.

Also keep in mind that you, as the sender of the message, are king: if  
you want algorithm X, and everyone can at least handle algorithm X,  
then their votes for what they like best don't matter.  You're the  
sender, and your wishes (via --personal-cipher-preferences and  
friends) trump all.


More information about the Gnupg-users mailing list