1024 key with large sub key

Robert J. Hansen rjh at sixdemonbag.org
Wed Oct 4 22:29:41 CEST 2017


> Are those the only two in GnuPG you don't see a need for?  What
> algorithms do you prefer?

I know this wasn't addressed to me, but what the heck.  I won't share my
preferences, but this is some modestly-accurate history.

Way back when, DSA and Elgamal had to be the defaults in OpenPGP because
RSA Data Security held the patent on the RSA algorithm, whereas DSA and
Elgamal were patent-free.  That patent was relinquished in September of
2000.

Twofish became part of the suite of ciphers with PGP 7, and GnuPG had to
support it because PGP 7 made it their default.  In PGP 7.1 they
switched to AES (which had just been released) but left Twofish in
because Twofish had Schneier cachet.  This is also probably why Blowfish
is still an approved algorithm.  IDEA continued to be supported almost
entirely for backwards compatibility with PGP 2.6; it has not held up at
all well, and is probably the weakest cipher in the suite.

(I have heard it said Blowfish was introduced to the spec as a fallback
in case CAST5 turned out to have flaws.  Given how similar CAST5 and
Blowfish are, design-wise, if this is true I think it was terrible
reasoning.)

So right there, you can see that DSA, Elgamal, Twofish, and Blowfish
all exist in the spec for non-engineering reasons: patent infringement,
fame of designer, backwards compatibility, etc.

I won't bore you with my list of preferred algos, though.  :)


