Security doubts on 3DES default
Werner Koch
wk at gnupg.org
Thu Mar 16 20:37:32 CET 2017
On Thu, 16 Mar 2017 15:55, peter at digitalbrains.com said:
> Perhaps we should either retire ciphers with a 64-bit block length or
> make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no
> longer up to the user to be prudent with large amounts of data.
Those who have large amounts of data to encrypt will anyway use a fast
cipher and this means AES. Thus the 64 bit block length is in practice
only a theoretical problem. A more practical problem is how to protect
against arbitrary I/O or storage errors. Thus in the end you will store
the data anyway in chunks.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170316/76fef9fd/attachment.sig>
More information about the Gnupg-users
mailing list