Weak encryption keys
Bernhard Reiter
bernhard at intevation.de
Tue Mar 23 10:05:26 CET 2021
Am Montag 22 März 2021 23:32:14 schrieb Jacob Bachmeyer via Gnupg-users:
> I am assuming that there is some more severe problem with OpenPGP
> Blowfish key wrapping, since the situation you describe would not
> warrant the measures GPG has taken.
Not know details about this one: Sometimes stuff gets deprecated for cleanup
reasons and for long term prospects. Often you can find more details in the
code.
> (In other words, I am assuming that
> the GPG developers know something here that we do not, and I believe
> that to be a reasonable assumption.)
In my experience GnuPG developers (which I'd include myself) strongly like to
have everything in the open (to be verifiable). The only situation I can
image that we or others keep something back is for a limited time during the
course of a responsible disclosure, but this does not seem to be the case
here as the code is there.
(What also happens with software is that details are not explained.)
Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210323/022c8a2f/attachment.sig>
More information about the Gnupg-users
mailing list