Date: Sat, 20 May 2000 23:40:41 -0700
From: Will Price
To: pgp-users@cryptorights.org
Subject: Re: [PGP-USERS] PGP Desktop Security 7.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We like Twofish best, so we're jumping the gun and putting it in ahead of AES.

The philosophy that "the other AES finalists should also be included" is highly flawed to me. We spend a great deal of time selecting algorithms and considering their security. We don't just throw an algorithm into PGP because some users asked for it, and we certainly would never provide algorithm "pluggability" where anyone on the net could distribute a new algorithm to drop into PGP. Algorithm selection is not an arbitrary choice, and the vast majority (>99%) of the user base has no clue what the implications of, for instance, the reduced round attack on RC6 might be, or even that such an attack may have been found. Remember that any algorithm used by PGP must be available on *two sides* in order to be useful for PGP email. Deploying a new algorithm takes a lot of time and effort.

We do not at all believe that every AES algorithm is equal. We think there are fundamentally better choices in that group than others. The measure of an algorithm is composed of all sorts of different variables including security, licensing, speed in software, speed in hardware, etc. PGP should only provide the cream of the crop in algorithm choices, and should automatically give users what we believe the best options are unless they explicitly tell us to use something else -- which in general should only occur in the event of a weakness being found in the default choices. PGP should never be treated as an algorithm dumping ground, a philosophy which only breeds incompatibility, confusion, and a blurring of the lines between the best algorithms and lesser algorithms.

If something other than Twofish is selected for AES, we will probably (depending on what it is) include that algorithm. We would include Rijndael if that were selected, but if it is not then it is totally unnecessary to do so because Twofish serves that need.

To answer the other question, RSA keys are still limited to 2048 until September 20 when the patent expires and we can use our internal RSA code instead of using RSA's BSAFE and RSAREF libraries. We will of course provide an update around that time.

Robert Guerra wrote:

> At 8:49 PM -0400 2000/5/20, Tom McCune wrote:
>
> >I found the following at:
> >http://www.pgp.com/asp_set/products/tns/pgp70_reqts.asp
> >
> >>Cryptographic Algorithms Supported
> >>
> >> Public key algorithms: Diffie-Hellman/DSS,
> >> RSA
> >> with up to 4096-bit key lengths
>
> nothing new here unless 4096 applies to RSA as well.
>
> >>
> >> Symmetric algorithms: CAST (128-bit), 3DES
> >> (168-bit), IDEA (128-bit), Twofish
> >> (256-bit)
>
> twofish is new...but it hasn't won the AES competition. Can the
> Rijndael cipher be added too?
>
> I believe that the other AES finalists should also be included.
> It would make good sense to at least keep the others in mind in
> case Twofish doesn't win. After all, it would be nice if PGP v.7
> could have the AES winning candidate.

- --
Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0 (Build 173 Beta)

iQA/AwUBOSeEFKy7FkvPc+xMEQJY2wCg/Um++PJO0oYBor7iRQpawqwhML0AoKJ9
JYshpOC3NtZ7r45FMf32+Q0Z
=LaOS
-----END PGP SIGNATURE-----
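The "available on *two sides*" point above is what OpenPGP's preference negotiation enforces: a sender may only use a symmetric cipher that every recipient's key advertises, with 3DES implicitly on every list as the fallback. The following is an added illustration of that rule (it is not PGP Security's code or anything from this thread); the algorithm IDs are the RFC 2440 values, and the sender and recipient preference lists are constructed sample data.

```python
# Added example: OpenPGP-style symmetric cipher selection for a multi-recipient
# message, modelled on the RFC 2440 preferred-symmetric-algorithms rule.
SYMMETRIC_ALGS = {  # RFC 2440 algorithm IDs (7-9 were reserved for AES)
    1: "IDEA",
    2: "3DES",
    3: "CAST5",
    4: "Blowfish",
    7: "AES-128",
    8: "AES-192",
    9: "AES-256",
    10: "Twofish-256",
}
MANDATORY = 2  # 3DES: the MUST-implement cipher, tacitly at the end of every list


def choose_symmetric_alg(sender_prefs, recipient_prefs):
    """Return the first cipher in the sender's preference order that every
    recipient also accepts. Each recipient's list is treated as if 3DES were
    appended, so a message can always be encrypted for any valid key."""
    acceptable = None
    for prefs in recipient_prefs.values():
        accepted = set(prefs) | {MANDATORY}
        acceptable = accepted if acceptable is None else acceptable & accepted
    if acceptable is None:  # no recipients given: anything the sender likes
        acceptable = set(SYMMETRIC_ALGS)
    for alg in list(sender_prefs) + [MANDATORY]:
        if alg in acceptable:
            return alg
    return MANDATORY


# Constructed sample data: a sender preferring Twofish (as PGP 7.0 would), one
# recipient whose key advertises Twofish, and one older key that does not.
SENDER_PREFS = [10, 3, 1, 2]
RECIPIENTS = {
    "alice (PGP 7.0 key)": [10, 3, 2],
    "bob (older key)": [3, 1],
}

if __name__ == "__main__":
    # Twofish on the sender's side alone does not help: bob's key lacks it,
    # so the message to both falls back to CAST5; alone, alice gets Twofish.
    both = choose_symmetric_alg(SENDER_PREFS, RECIPIENTS)
    alone = choose_symmetric_alg(SENDER_PREFS, {"alice": RECIPIENTS["alice (PGP 7.0 key)"]})
    print(f"to alice and bob: {SYMMETRIC_ALGS[both]}")   # CAST5
    print(f"to alice only:    {SYMMETRIC_ALGS[alone]}")  # Twofish-256
```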