-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert J. Hansen escribió: > Faramir wrote: >> I think I will add some more algos, to avoid using 3DES (while it >> should be safe enough... I don't like the solution "lets do it 3 times")
> Not to ask a dunce question here, but why not? I will tell the true: because some of my likes and dislikes are not based on rational arguments... Ok, let me say something on my behalf: in my experience, when something does't work as well as expected, and people say "well... lets do it 2 times, that should work", usually that leads to something that works, but it is not as good as it could be... An example: I decided to backup my private keyring in a remote backup... a free host. I put a private folder, and encrypted the file 3 times, with different encryption utilities, and different passwords. But I don't "feel" it is the best solution... probably I should have stored them in a pendrive, and store it in my grandparents house. Now, my keys don't control the launch codes for ICBM, so I don't need more protection... but if they were "important", probably I should look for a better solution. > "3DES. Nothing else even comes close." Sure, use AES for new crypto > software, but if you absolutely _must_ have the most overdesigned, > overbuilt thing out there... Well, if an expert says that, I don't have another choice than trust it, until another expert says something different. > It is big, clumsy, ungainly and slow. It has all the aesthetic values > of the Soviet Realism school of art, and processes data about as fast as > a snail coming off a three-day scopolamine trip. Well... that resumes what I would expect from something designed to be applied once, and "fixed" by applying it 3 times... but again, I admit my expectation's come from an irrational base. If it was my job to decide what algo to use for some serious thing, I would stick to the hard facts... but it is not the case with _my_ key. > And it is still beating up every cryptanalyst out there and stealing > their lunch money. If it couldn't do that, it would be deprecated... I know all the encryption algo's provided by GPG are safe enough... but I can't use them all... and if one of them is big, clumsy, ungainly, and with poor aesthetic, that one will be the one I won't _prefer_ to use. > If you don't like 3DES because it's slow, okay, fine, I can respect > that. But objecting to "let's do it three times" is nonsense. Do you > object to Blowfish because it does it does it 16 times? The thing I dislike about "let's do it 3 times" is it was not designed to be used that way... using it 3 times is the solution to the "it is not secure enough" problem. In other words, I get the impression 3DES is a "patched" DES. And other algos are not patched... or at least, not so obviously patched (I can't be sure about if they are patched or not). But despite I don't like it, it is good to know the ultimate compatible algo in OpenPGP is also the most secure of all... Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJI2c4iAAoJEMV4f6PvczxAJ1IH+wWH7rpUuJoDLIPuEiYbgrq7 e4ACbHBlRg9KANMgtveYIsU3bgfr9ObiJsU0iWfJ1eNhh/ctVvDrpXCkCxzPKwPI qux1KcGJEGYIP3/l3xZZB/wH6kv6wWZmbyntUzCmeQvOR+/x9SIE8SvyWm6XlH5N sFt+Q/KiH0BRwtO9PVcweJ5dry70GAUwwQAeOLfEulzOWj8Hn/SyqRb55ibXZ+Sp AoiOtgLPUBgyTio+FvKn7UGpxsJtX9s0kGQVE8abhO8t+1nR0EIxPHbm1LzcwScY 5IAHaOh3OUBpOFGTbiwPmisTo9tHe5080+C3KP90zkxF2NCEylUyYTfESUhayj4= =/sqA -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users