I would say ChaCha20 is also a strong cipher up there with AES. The fact that 
AES uses a lookup table with an index derived from the secret makes general 
implementations vulnerable to cache-timing attacks. ChaCha20 is not vulnerable 
to such attacks. (AES implemented through AES-NI is also not vulnerable, but I 
don’t know if GPG’s implementation of it uses that.)
It also has the benefit of being made by Daniel J. Bernstein, who is the same 
guy who formulated the Ed25519 curve and fought off the US government in court 
in declassifying elliptic curve crypto from being a military munition. You can 
see the RFC for the algorithms here: https://tools.ietf.org/html/rfc7539

On May 31, 2019, at 11:58 AM, Robert J. Hansen <r...@sixdemonbag.org> wrote:

>> What is the encryption engine for the current GnuPG.
> 
> By default, AES.  Other algorithms are possible but not recommended.
> The only other algorithms I'd recommend are Twofish and Camellia.
> 
>> I know IDEA is proprietary so that can’t be used
> 
> It can be used.  You'd be insane to actually use it, but that doesn't
> change the fact it can be used.
> 
> IDEA was broken in 2011-2012 using meet-in-the-middle attacks and a
> bicliques attack.  These aren't attacks on reduced-round variants of
> IDEA.  This is the full-strength algorithm, which has been found vulnerable to
> at least two different methods of cryptanalysis.  Right now those
> attacks aren't terribly significant -- they shave a few bits off the
> strength of the cipher -- but those attacks will only get better over time.
> 
> I'm unaware of any cryptographer who's still seriously studying IDEA.
> It's considered to have taken a hit below the waterline.  Please do not
> use IDEA for generating new traffic.  Please only use IDEA to read
> existing traffic.
> 
>> If it’s NIST AES that is under the US Government?
> 
> No.  It's a Belgian-designed algorithm with no connection to the United
> States government.  This algorithm, called "Rijndael", works with a
> variety of block sizes and key sizes.
> 
> All the United States government did was say "Rijndael with a 128-bit
> block size will be our new Advanced Encryption Standard, and AES will
> support key sizes of 128, 192, and 256 bits."
> 
> That's it.
> 
>> Wouldn’t that be in danger of a US back door in the algorithm?
> 
> No.  An excellent reason to believe there is no back door comes from the
> fact the United States government uses AES to secure its most
> confidential information -- it's one of the few algorithms that's
> certified for use at the Top Secret level.
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users