Werner Koch wk at
Mon Jun 25 00:11:57 CEST 2012

On Fri, 22 Jun 2012 20:52, vedaal at said:

> Am somewhat surprised by the unprovoked V3 rants, when I asked for 
> nothing from anyone, and only thanked WK for allowing it to happen.

I have been saying for more than a decade that PGP 2 should not be used
anymore.  The rationale for this was that OpenPGP is a standard and
fixes a great many problems of PGP 2.  GnuPG supports PGP 2 only because
this provides a way to migrate away from PGP 2.  But: we are now in 2012
- 20 years after PGP 2.

A few years later it was obvious that MD5 is broken in practice.  I can't
understand anyone suggesting using PGP2.  I have heard of people keeping
on using and suggesting >=4k keys while still being bound to the broken
MD5 and the flawed PGP public key packet and protection.  This is plain

The RNG in PGP2 is also questionable because it has not been designed to
cope with modern OSes.  Mouse and keyboard interrupts are no longer a
good source of entropy - they are not straight hardware interrupts as
they used to be on MSDOS or early BSDs.

Now some claim that PGP 2 is better because it is so easy to audit the
code.  Okay, that might be the case for the PGP 2 source.  However, who
is going to audit the libc, WM (note keyboard interrupts!), kernel,
msvc, gcc or hypervisor code?  That is far more complex than PGP 2.  If
I had to write malware I would never directly attack PGP or GPG but go
for other components (D-Bus services anyone?).  Subvert the most
invisible part of the system, not what script kiddies would do.

Thoughts are free.  Exceptions are regulated by a federal law.
