I must have picked that up somewhere I didn't check when I was younger and just took it as fact leading to fail :( Sorry!
I am not a cryptographic expert - IANACE?? Iain On Sun, Jul 21, 2019 at 8:11 PM Elmar Stellnberger <[email protected]> wrote: > Why do you think that TwoFish is bad? It was invented by Bruce Schneier > and was in the last round of the AES competition. I believe it to be the > better choice than AES. > Am 20.07.19 um 21:41 schrieb Iain Grant: > > 2 fish... that in it's self is bad. AES, sure lets all be ok about > that. > > I also read the article and I realise I still rely on gpg far too much and > that I need to ween myself off of it! > > > Iain > > On Sat, Jul 20, 2019 at 8:33 PM qmi (list) <[email protected]> wrote: > >> Hi, >> >> On 7/19/19 1:34 PM, Stephan Seitz wrote: >> > I found the following article about PGP/GnuPG: >> > https://latacora.singles/2019/07/16/the-pgp-problem.html >> > >> > In short you should drop GnuPG because it doesn’t do anything really >> > the right way. It should be replaced with different tools for >> > different situations. >> >> I checked that article. For e.g. the article says, "If you’re lucky, >> your local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher >> in CFB, ..." >> >> Wrong. The current implementation of GnuPG shipped by Debian Buster - >> version 2.2.12 - does support modern cryptographic standards for >> symmetric encryption, not only CAST5. For e.g., it does support twofish >> and aes. Both of which use 128-bit block sizes, AFAIK. See command >> output for gpg below about supported algorithms: >> >> " >> >> qmi@qmiacer:~$ gpg --version >> >> gpg (GnuPG) 2.2.12 >> (...) >> Supported algorithms: >> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA >> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, >> CAMELLIA128, CAMELLIA192, CAMELLIA256 >> (...) >> " >> >> So it's good enough, apparently. >> >> > >> > Debian is using GnuPG for signing files. From the article: >> > >> > Signing Packages >> > >> > Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what >> >> You may be right, though. That tool might have better bindings for >> modern programming languages. >> >> Regards, >> -- >> qmi >> Email: [email protected] >> >>
