* Kurt Roeckx: > On Tue, Nov 17, 2015 at 07:10:00PM +0100, Florian Weimer wrote: >> * Viktor Dukhovni: >> >> > If I were to guess, it would be that the base crypto implementations >> > of IDEA, SEED and binary elliptic curves need to stay. We could >> > perhaps get away with removing CAST and RIPEMD. >> >> Just one data point: CAST5 is still the default for GnuPG when using >> symmetric encryption. > > Not in gnupg 2 afaik.
Debian stable has GnuPG 2.0.26, and it still uses CAST5: $ gpg2 --batch --passphrase - -c < /dev/null | gpg2 --batch --passphrase - --list-packets :symkey enc packet: version 4, cipher 3, s2k 3, hash 2 salt 45c1df2dc3dd11c2, count 2490368 (179) gpg: CAST5 encrypted data :encrypted data packet: length: 22 gpg: encrypted with 1 passphrase :compressed packet: algo=1 :literal data packet: mode b (62), created 1447798993, name="", raw data: 0 bytes gpg: WARNING: message was not integrity protected GnuPG 2.0 is still “the stable version suggested for most users”, unfortunately. GnuPG 2.1 has indeed switched to AES-128, but only in September 2014. Florian _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev