CDR: Re: Phil Zimmerman Profiled
these days. However, he sees his contribution as critical, believing that "encryption software architectural decisions must be made by knowledgeable cryptographers, not software engineers." He has very firm opinions, for example, about Gnu Privacy Guard (GnuPG), an open source competitor to PGP. There's no doubt in Zimmermann's mind that GnuPG suffers for being managed by programmers. He offers the Blowfish encryption method as an example: "I would never, ever allow Blowfish to be implemented in PGP, because it's not as good a design as Twofish; Twofish is superior. PGP 7 implements Twofish. Yet we see GnuPG implemented Blowfish."
Even the Internet Engineering Task Force (IETF) makes cryptographic mistakes, he says. Zimmermann asserts, "I would never allow El-Gamal signatures to be put in PGP. I don't know how that got in" RFC 2440, which defines the OpenPGP standard.
It is the "knowledgeable cryptographer" Zimmermann who is responsible for the broken DSA signatures in PGP. And Additional Decryption Keys are okay, but Blowfish is an unacceptable security risk? What a moron.
Ulf Möller