-----BEGIN PGP SIGNED MESSAGE-----
Bill Stewart wrote:
(1) MUST Triple-DES (because it's been more studied than CAST5).
Yeah, it wins. Dog-slow, but everybody's comfortable with it.
What about the 2-Key 3DES vs. 3-Key 3DES problem?
(There's also the minor annoyance that 3-Key 3DES needs
168 bits of key, and SHA-1 only gives you 160,
and if the standard was going to insist on something that
required 168 real bits I'd recommend changing it...)
Interesting points. I would recommend, in the interests of getting on,
to "do whatever pgp5.0 with Triple-DES" does, and leave alternates for
later modes. I think the importance of the MUST algorithm is in
interoperability. If someone wants more performance or security,
chances are they will go for another algorithm, rather than fiddle
around with Triple-DES.
- --
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com
-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21
iQCVAgUANFijx5UdDk1bRs+FAQEragQAgw2TiwagjjmEMXyd6CZXnRDdDbLY0Oo4
+wuugDQlr09mkhDWv1tBwBdgK4eSwlmlhSPDCFeFl/JTq/1IwHVNfUWfN8+5or/m
wT9VZxGBbIL9heVtnJ9FOVpHH39/WTNNyiDDSyoCHXmbzv3WU32+MV2H+EyUdYSK
7NaQqEbUqFA=
=DMaY
-----END PGP SIGNATURE-----