On Mar 13, 2010, at 5:55 AM, John Clizbe wrote: > MFPA wrote: >> On Saturday 13 March 2010 at 12:07:08 AM, in >> <mid:de002b15-fa18-49a1-b7b0-5afaaf829...@jabberwocky.com>, David Shaw >> wrote: >>> On Mar 12, 2010, at 6:31 PM, Faramir wrote: >>>> is there a way to disable the usage of 3DES in GnuPG, when >>>> encrypting? >>> Patch the source :) >>> There is no way other than that. >> >> Wouldn't "--disable-cipher-algo 3DES" achieve this? > > "Google Is Your FriendĀ®" > http://www.google.com/search?&q=disable-cipher-algo+3des > > http://lists.gnupg.org/pipermail/gnupg-devel/2009-May/025042.html > > "One" is, of course, free to shoot oneself in the foot. There is little > rational > rationale for disabling 3DES.
It won't work anyway. You can't remove 3DES from the cipher preferences with disable-cipher-algo. The best you can do is set a personal-cipher-preferences with ciphers other than 3DES and then simply decline to communicate at all with people who have a 3DES-only key. To make matters worse, not only does it not work in preventing 3DES being selected via preferences, disable-cipher-algo also has the unpleasant side effect of making the user unable to *decrypt* 3DES messages as well. So setting disable-cipher-algo 3DES both doesn't accomplish what it was intended to, and also breaks other things. I'd avoid it ;) There will eventually come a day when 3DES will have to go. We're not there yet, and it'll be a big deal from the OpenPGP perspective, given the special position that 3DES has within the protocol. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
