[Pkg-gnupg-maint] Bug#225888: Bug#225888: closed by Daniel Leidert <daniel.leidert at wgdd.de> (gnupg: slight improvement of docs regarding IDEA)

[Werner Koch]

Hi!


Let me state it again: There is no IDEA support for GnuPG - there has
never been any support - the reason to write GnuPG was due to the IDEA
and RSA patents.  Even after 2010 (or whatever the patent stuff says)
there will be no IDEA support - IDEA is OBSOLETE, it is an old cipher
algorithm with a 64 blocksize which is not sufficient for todays amounts
of data.

OpenPGP provides a preferences system which takes care that nobody with
a sane mind will use IDEA for any encryption.  Granted: There are
probably a few people out there with IDEA encrypted files - but those
folks still have a copy of pgp-2 and know about the IDEA problems.  If
they want to drop pgp-2 they should just re-encrypt their stuff.  And
actually they should really drop use pgp-2 because it requires the use
of MD5 and thus all public keys can't be relied upon anymore if the Web
of Trust is used.

FWIW, there is an idea.c file floating somewhere around and there is
some limited support in the code to use it.  That file stems from my
first experiments with gpg (at that time called g10) and was never
intended to go wth gpg, proper - it was and is reasearch only. There is
no need to include any support for it in Debian.

I habe been threatened by MediaCrypt in the past to buy and announce an
IDEA license for gpg.  I am not willing to give them any chance to
threaten the users of GnuPG by stating that we have any kind of real
support for IDEA.  And thus the only change to published information
might be to entirely remove all mentioning of IDEA.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.