Security doubts on 3DES default

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 15 22:16:28 CET 2017


On Wed 2017-03-15 07:13:18 -0400, Werner Koch wrote:
> On Tue, 14 Mar 2017 21:54, rjh at sixdemonbag.org said:
>
>> So long as you understand GnuPG will not make any changes that break RFC
>> conformance... and dropping SHA1/3DES breaks RFC conformance.
>
> Well, it is possible to use
>
>   --weak-digest SHA1 --disable-cipher-algo 3DES
>
> with gpg.

and some of us have experimented with running this kind of configuration
(at the very least with --weak-digest SHA1) for quite some time now.

take rjh's caveat with a grain of salt -- GnuPG's interest is in
protecting its users.  If the project knows something is bad, we're
going to try to protect users from it.

that said, data in a store-and-forward format (or for persistent
backups) makes it tricky to fully remove something.  Should GnuPG refuse
to decrypt a symmetrically-encrypted message that uses 3DES?  probably
not, but it should probably decline to generate such a thing, in the way
that it defaults to generating signatures using SHA256 these days.

     --dkg
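The options Werner mentions (`--weak-digest SHA1 --disable-cipher-algo 3DES`) can also be placed in gpg.conf, one per line without the leading dashes. The following is an added example, not code from the thread or from GnuPG, showing how a defender can audit a gpg.conf for that hardening before relying on it: it parses the file's option lines and reports what is missing. The sample configuration is constructed for the example; the option names are the real gpg.conf spellings, while the parser's handling of comments (only lines starting with `#`) is an assumption made here.

```python
"""Audit a gpg.conf for the SHA1 / 3DES hardening discussed in the thread.

Added example (not part of the mailing-list post or of GnuPG itself).
"""

# Constructed sample gpg.conf with the hardening applied.
HARDENED_CONF = """\
# hypothetical user config (constructed for this example)
keyid-format 0xlong
weak-digest SHA1
disable-cipher-algo 3DES
personal-cipher-preferences AES256 AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256
"""

# Constructed sample that still allows the legacy algorithms.
LEGACY_CONF = """\
keyid-format 0xlong
personal-cipher-preferences AES256 3DES
personal-digest-preferences SHA256 SHA1
"""


def parse_gpg_conf(text):
    """Return a list of (option, argument) pairs from gpg.conf text.

    gpg.conf lines have the form 'option [argument]'.  Blank lines and
    lines starting with '#' are skipped (assumption: no trailing comments).
    A leading '--' is tolerated so command-line spellings can be pasted in.
    """
    options = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0].lstrip("-").lower()
        argument = parts[1].strip() if len(parts) > 1 else ""
        options.append((name, argument))
    return options


def audit(text):
    """Return a list of findings; an empty list means the config is hardened.

    Checks that SHA1 is marked weak, that 3DES is disabled for use, and that
    neither algorithm is still advertised in the personal preference lists.
    """
    options = parse_gpg_conf(text)
    weak_digests = {arg.upper() for name, arg in options if name == "weak-digest"}
    disabled_ciphers = {arg.upper() for name, arg in options
                        if name == "disable-cipher-algo"}

    findings = []
    if "SHA1" not in weak_digests:
        findings.append("SHA1 is not marked weak: add 'weak-digest SHA1'")
    if "3DES" not in disabled_ciphers:
        findings.append("3DES is still enabled: add 'disable-cipher-algo 3DES'")

    for name, arg in options:
        algorithms = arg.upper().split()
        if name == "personal-cipher-preferences" and "3DES" in algorithms:
            findings.append("3DES is listed in personal-cipher-preferences")
        if name == "personal-digest-preferences" and "SHA1" in algorithms:
            findings.append("SHA1 is listed in personal-digest-preferences")
    return findings


if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED_CONF), ("legacy", LEGACY_CONF)):
        problems = audit(conf)
        print(f"{label}: {'OK' if not problems else ''}")
        for problem in problems:
            print(f"  - {problem}")
```

The audit only reads the configuration file; it does not tell you what the gpg binary actually does. As a second step, `gpg --version` lists the algorithms the build supports, and an attempt to encrypt with `--cipher-algo 3DES` should fail once the disable line is in place.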
