On Mar 13, 2010, at 5:55 AM, John Clizbe wrote:

> MFPA wrote:
>> On Saturday 13 March 2010 at 12:07:08 AM, in
>> <mid:de002b15-fa18-49a1-b7b0-5afaaf829...@jabberwocky.com>, David Shaw
>> wrote:
>>> On Mar 12, 2010, at 6:31 PM, Faramir wrote:
>>>> is there a way to disable the usage of 3DES in GnuPG, when
>>>> encrypting?
>>> Patch the source :)
>>> There is no way other than that.
>> 
>> Wouldn't "--disable-cipher-algo 3DES" achieve this?
> 
> "Google Is Your Friend®"
>    http://www.google.com/search?&q=disable-cipher-algo+3des
> 
> http://lists.gnupg.org/pipermail/gnupg-devel/2009-May/025042.html
> 
> "One" is, of course, free to shoot oneself in the foot. There is little rational
> rationale for disabling 3DES.

It won't work anyway.  You can't remove 3DES from the cipher preferences with 
disable-cipher-algo.  The best you can do is set a personal-cipher-preferences 
with ciphers other than 3DES and then simply decline to communicate at all with 
people who have a 3DES-only key.  To make matters worse, not only does it not 
work in preventing 3DES being selected via preferences, disable-cipher-algo 
also has the unpleasant side effect of making the user unable to *decrypt* 3DES 
messages as well.

So setting disable-cipher-algo 3DES both doesn't accomplish what it was 
intended to, and also breaks other things.  I'd avoid it ;)

There will eventually come a day when 3DES will have to go.  We're not there 
yet, and it'll be a big deal from the OpenPGP perspective, given the special 
position that 3DES has within the protocol.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
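
Added example, not part of the original message and not GnuPG's code: a simplified Python model of OpenPGP cipher selection per RFC 4880 section 13.2, where 3DES is implicitly at the end of every key's preference list. It shows why a personal-cipher-preferences list without 3DES still yields 3DES for a 3DES-only recipient, and how to flag such recipients before sending. The key names, preference lists and the fallback ranking are constructed assumptions.

```python
# Simplified model of OpenPGP symmetric-cipher selection (RFC 4880, sec. 13.2).
# Not GnuPG's code; key names and preference lists below are constructed.

IMPLICIT = "3DES"  # MUST-implement cipher, tacitly at the end of every list


def effective_prefs(key_prefs):
    """Return a key's preference list with 3DES implicitly appended."""
    prefs = list(key_prefs)
    if IMPLICIT not in prefs:
        prefs.append(IMPLICIT)
    return prefs


def select_cipher(personal_prefs, recipients):
    """Pick a cipher every recipient accepts, honouring the sender's order."""
    lists = [effective_prefs(p) for p in recipients.values()]
    common = set(lists[0]).intersection(*lists[1:])
    for algo in personal_prefs:          # sender's personal-cipher-preferences
        if algo in common:
            return algo
    # No personal preference is usable. Assumed fallback: best-ranked common
    # cipher (sum of positions across recipients, name as tie-breaker).
    return min(common, key=lambda a: (sum(l.index(a) for l in lists), a))


def forced_3des(personal_prefs, recipients):
    """List recipients whose key alone would make the sender use 3DES."""
    return [name for name, prefs in recipients.items()
            if select_cipher(personal_prefs, {name: prefs}) == IMPLICIT]


PERSONAL = ["AES256", "AES192", "AES"]   # contains no 3DES
RECIPIENTS = {                            # constructed sample keys
    "alice": ["AES256", "AES", "CAST5"],
    "bob": ["TWOFISH", "AES"],
    "carol": [],                          # advertises nothing: 3DES only
}

if __name__ == "__main__":
    print(select_cipher(PERSONAL, {k: RECIPIENTS[k] for k in ("alice", "bob")}))
    print(select_cipher(PERSONAL, RECIPIENTS))
    print(forced_3des(PERSONAL, RECIPIENTS))
```

Recipients returned by `forced_3des` are the ones the message describes declining to communicate with if 3DES must be avoided.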
