Security doubts on 3DES default

Werner Koch wk at
Thu Mar 16 20:37:32 CET 2017

On Thu, 16 Mar 2017 15:55, peter at said:

> Perhaps we should either retire ciphers with a 64-bit block length or
> make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no
> longer up to the user to be prudent with large amounts of data.

Those who have large amounts of data to encrypt will anyway use a fast
cipher and this means AES.  Thus the 64 bit block length is in practice
only a theoretical problem.  A more practical problem is how to protect
against arbitrary I/O or storage errors.  Thus in the end you will store
the data anyway in chunks.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170316/76fef9fd/attachment.sig>

More information about the Gnupg-users mailing list