Nils Durner <ndurner(_at_)googlemail(_dot_)com> writes:
We can of course raise the bar by excluding types 1 & 3 entirely.
1 and 3? I assume you mean 0 and 1, with 2 being unused anyway. There should
really only be a 3, a straight hash or salted hash is barely better than just
using the password directly.
(They also seem to be virtually unused in practice, some time ago I
inadvertently disabled use of 0 and 1 in my code and, after zero complaints
over this, made the change permanent).
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp