[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Re: GPG/crypto (was SUID bit)




Richard,

> 
> This is plain old fashioned crap.
> 

This is all very well to say, but I have yet to see some references to back 
this up. There's a lot of conspiracy theories floating out out there, some of 
which may be true, others not. I have the GnuPG source (for 1.0.2), and there 
is *no* documentation within it that talks about crypto generally that I can 
see, and has been pointed out that algorithms it uses includes 3DES and 
Blowfish. I have not found an archive of the GPG list - if you know of one, I 
will review it. I have posted references here, yet I am waiting for 
references from yourself, short of "GPG docs and GPG list", which isn't that 
precise. Surely if they are classed as insecure, why would GPG implement 
them, based on what you have been saying?

Blowfish has been analysed and there is no known attack against it short of a 
differential attack against weak keys. Twofish was, as has been pointed out, 
an AES candidate. Both algorithms are public knowledge, the algorithm is 
there for peer review, and there is no easy break that has been found. 3DES 
is still being touted as secure according to feedback I'm getting so far from 
other sources (see sci.crypt).

For this, I fear we may have to aggree to disaggree.

Chris...



-- 
@}-,'--------------------------------------------------  Chris Johnson --'-{ [at] 
    / "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk  \
   / between Sex and Gender. Therein lies the key  /                       \ 
  / to our freedom" -- LB                         / www.nccnet.co.uk/~sixie \ 


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.