A few years ago it was theoretically estimated that an effective
strength of
GOST cipher is approximately 2^56, that is about the same value as
DES's. Not
quite what we need by today's standards. And not quite what has been always
officially supported by OpenPGP.
How about doing a triple-GOST? That would
meet the letter of the rules, and give a boost
to the security? Just brainstorming here...
Well, this may be helpful if GOST is really subject to "sliding" attacks, and
would put excercises in "meet in the middle", et cetera to pure theoretic
field (because of memory requirements). But this is hardly a good decision
anyway. Maybe GOST multiple encriptions -- on the assumpsion of architectual
similarity to DES -- isn't forming a group, but look at the keylength.
Standard variant has 256 bits + secret S-boxes give us something about 610
bits of secret data. In 3GOST (or whatever) it would be more than 1800 bits --
for symmetric cipher! Moreover, there are speed considerations...