Security doubts on 3DES default
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 15 22:16:28 CET 2017
On Wed 2017-03-15 07:13:18 -0400, Werner Koch wrote:
> On Tue, 14 Mar 2017 21:54, rjh at sixdemonbag.org said:
>> So long as you understand GnuPG will not make any changes that break RFC
>> conformance... and dropping SHA1/3DES breaks RFC conformance.
> Well, it is possible to use
> --weak-digest SHA1 --disable-cipher-algo 3DES
> with gpg.
And some of us have experimented with running this kind of configuration
(at the very least with --weak-digest SHA1) for quite some time now.
Take rjh's caveat with a grain of salt -- GnuPG's interest is in
protecting its users. If the project knows something is bad, we're
going to try to protect users from it.
That said, data in a store-and-forward format (or for persistent
backups) makes it tricky to fully remove something. Should GnuPG refuse
to decrypt a symmetrically-encrypted message that uses 3DES? Probably
not, but it should probably decline to generate such a thing, in the way
that it defaults to generating signatures using SHA256 these days.
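As an added example (not part of the thread above), here is a small POSIX shell check for the "still decrypt, but notice it" position: it scans a `gpg --list-packets` dump and flags packets that still use the algorithms under discussion, since RFC 4880 numbers 3DES as symmetric cipher algorithm 2 and SHA-1 as hash algorithm 2. The sample dump is constructed to mimic the labels `cipher N` and `digest algo N` that gpg prints; the key id and digest bytes in it are placeholders.

```shell
#!/bin/sh
# Added example: flag 3DES session keys and SHA-1 signature digests in a
# `gpg --list-packets` dump. Algorithm numbers follow RFC 4880 (3DES = cipher 2,
# SHA-1 = hash/digest 2). Assumption: your gpg prints the labels shown below.

# Constructed sample dump (placeholder key id and digest bytes), shaped like
# the output of: gpg --list-packets message.gpg
SAMPLE_DUMP=':symkey enc packet: version 4, cipher 2, s2k 3, hash 2
:encrypted data packet:
	length: unknown
	mdc_method: 2
:signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 1489612000, md5len 0, sigclass 0x00
	digest algo 2, begin of digest ab cd'

# weak_algos_in_dump: read a packet dump on stdin, print one line per finding,
# and return 1 if any weak algorithm was seen, 0 otherwise.
weak_algos_in_dump() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            *"symkey enc packet:"*"cipher 2,"*)
                echo "3DES symmetric session key: $line"; found=1 ;;
            *"digest algo 2,"*)
                echo "SHA-1 signature digest: $line"; found=1 ;;
        esac
    done
    return $found
}

# count_weak_in_sample: number of findings in the constructed sample (prints 2).
count_weak_in_sample() {
    printf '%s\n' "$SAMPLE_DUMP" | weak_algos_in_dump | wc -l | tr -d ' '
}
```

To audit a real file, pipe `gpg --list-packets message.gpg` into `weak_algos_in_dump`; a non-zero exit status means the message was produced with one of the legacy algorithms.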