ietf-openpgp

Re: [openpgp] Intent to deprecate: Insecure primitives

2015-03-16 16:10:13
On Monday, March 16, 2015, <vedaal@nym.hush.com> wrote:

On 3/15/2015 at 11:56 PM, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> wrote:

Yahoo has deprecated, and intends to disable support for all uses of,
the following primitives and packet types specified for use with
OpenPGP v4:

- Symmetric cipher algorithms: IDEA, TDES, CAST5, Blowfish, Twofish

-----

All previous OpenPGP versions have had a MUST implement for 3DES.
Is there any advantage in using only block 64 symmetric encryption
primitives, to do away with 3DES, IDEA and CAST5?


Yes re block size (I'm assuming you meant 128-bit blocksize ciphers). A
64-bit blocksize is small enough that there is a significant probability of
(some user) encrypting a message with two blocks the same.

CAST5 (CAST128), however, is a 128-bit blocksize cipher.

In general, won't removing these primitives make it difficult to decrypt
past correspondences where people have used these primitives?
(The default for symmetrically encrypted GnuPG messages has been CAST5
for a long time in the past, i.e. many many encrypted messages ...)


Yes. GnuPG's use of CAST5 is problematic. We won't support this usage for
encryption or decryption. (Mainly because it did so if you didn't set a
'modern' cipher, and thus didn't use the SEIPD+MDC packet.)

Other implementations are free to; they really shouldn't be encrypting new
messages using it.

I will note that the Canadian government still permits the use of CAST5 for
the encryption of data at a 128-bit security level, but requires a
cryptoperiod of < 7 days. (Which is not terribly reassuring.)

See https://www.cse-cst.gc.ca/en/node/227/html/15164
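As an added illustration of the block-size point made above (this is not part of the thread and not code from any OpenPGP implementation), the following Python computes the birthday-bound probability that two ciphertext blocks coincide under a 64-bit versus a 128-bit block cipher for a given volume of data encrypted under one key, and the data volume at which that probability reaches a chosen level. The formula 1 - exp(-n(n-1)/2^(b+1)) is the standard birthday approximation, assumed here rather than quoted from the post.

```python
import math


def block_collision_probability(n_bytes: int, block_bits: int) -> float:
    """Birthday-bound probability that at least two of the ciphertext
    blocks produced from n_bytes of data under a block_bits-bit cipher
    are identical: p ~= 1 - exp(-n(n-1) / 2^(b+1)).

    A repeated ciphertext block in a chaining mode (CBC/CFB, as used by
    OpenPGP) leaks the XOR of two plaintext blocks, so this is the
    risk the block-size argument refers to.
    """
    n_blocks = n_bytes // (block_bits // 8)
    if n_blocks < 2:
        return 0.0
    exponent = -float(n_blocks * (n_blocks - 1)) / (2.0 ** (block_bits + 1))
    return -math.expm1(exponent)  # 1 - exp(x), accurate for tiny x


def bytes_for_probability(p: float, block_bits: int) -> int:
    """Smallest data volume (bytes) under one key at which the collision
    probability reaches p, inverting the same approximation:
    n ~= sqrt(2 * ln(1/(1-p)) * 2^b) blocks."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    n_blocks = math.sqrt(-2.0 * math.log1p(-p) * (2.0 ** block_bits))
    return math.ceil(n_blocks) * (block_bits // 8)


def compare(n_bytes: int) -> dict:
    """Collision probability for the same volume under 64- and 128-bit
    block ciphers, keyed by block size in bits."""
    return {b: block_collision_probability(n_bytes, b) for b in (64, 128)}


if __name__ == "__main__":
    # Constructed sample volumes: 1 GiB, 32 GiB, 1 TiB of data under one key.
    for gib in (1, 32, 1024):
        probs = compare(gib * 2 ** 30)
        print(f"{gib:5d} GiB: 64-bit p={probs[64]:.3g}  128-bit p={probs[128]:.3g}")
    for b in (64, 128):
        print(f"{b}-bit blocks reach p=0.5 after {bytes_for_probability(0.5, b):.3e} bytes")
```

For 32 GiB under a 64-bit block cipher the probability is already about 0.39, while the same volume under a 128-bit block cipher gives roughly 7e-21.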