NSA backdoors and Set Preferred Cipher

Robert J. Hansen rjh at sixdemonbag.org
Sun Sep 8 01:38:16 CEST 2013


On 9/7/2013 8:11 AM, Mike Acker wrote:
> i have altered my cipher preference list as follows

Why?  Your preference list makes no sense.

> TWOFISH CAST5 BLOWFISH 3DES AES AES192 AES256 CAMELLIA128
> CAMELLIA192 CAMELLIA256

GnuPG and PGP will stop as soon as they hit 3DES.  They won't even look
at the rest of the ciphers in your preference list.  "Okay, Mike likes
Twofish, but the recipient doesn't support it... then CAST5, but that's
not supported... then Blowfish, again not supported... hey, 3DES.  3DES
is *guaranteed* to be supported.  The recipient has to speak 3DES.
Cool.  We'll choose 3DES and not even bother with the rest of the list."

> based on recent revelations we should probably not use any
> commercially offered cipher

Which means what, exactly?  3DES came out of IBM in the 1970s, but it's
not a "commercial product" in any sense I can imagine.  CAMELLIA came
out of a Japanese telecommunications firm, but it's likewise not a
"commercial product."

There are no "commercially offered ciphers" in GnuPG.





More information about the Gnupg-users mailing list