Image of the glider from the Game of Life by John Conway
Skip to content

Update My Public Key

At your earliest convenience, you'll need to update my public key in your keyring. You can grab the cleaned copy from my site, or your can get an uncleaned copy from either the Ubuntu keyserver or the PGP keyserver. Please do not use the MIT PGP keyserver, until I can get straightened out why they won't accept my public key (I think it is more involved than just lack of support for photo IDs in keys).

The update is necessary to keep you from encrypting data to me using an algorithm that is not supported by GnuPG. At a previous job, I needed support for the IDEA algorithm, found in PGP2, so I imported that library into GPG and added support for it in my key. As I no longer need support for that patented algorithm, I've removed the preference from my key, which will affect the public key that you have.

If you have any errors encrypting data to me, or verifying my digital signature, please email me the error, along with a screenshot, so I can troubleshoot the issue. I believe I may have a few more cockroaches lying around, such as the IDEA algorithm.

{ 3 } Comments

  1. Lamont Peterson using Konqueror 3.5 on GNU/Linux | January 23, 2008 at 1:13 am | Permalink

    IIRC, the patent on the IDEA algorithm expired. Since the algorithm was created and patented in the mid 80's and patents only last 17 years and this is 2008, I'm pretty sure about this.

    Besides, there were some fatal flaws discovered long before the patent expired, anyway. If your previous employment really did insist on IDEA, then their encrypted communications were (relatively) easy to break. This is a far more important reason to not use IDEA, IMNSHO.

    Anyway, if you contact me, I'd be happy to try and help you get your key up on the MIT server. It really is the 'one true keyserver'. :)

  2. Aaron using Firefox 2.0.0.11 on Ubuntu 64 bits | January 23, 2008 at 5:23 am | Permalink

    @Lamont- As far as IDEA is concerned, the patent still holds until 2011, and until 2004, it had shown no weaknesses in cryptanalysis attacks. Bruce Schneier recommended the algorithm in 1996, even. I agree with you that there are definitely better algorithms available, however, due to practicality, it would still take a decent amount of computing power to break the encryption. It may have been reduced to 5 rounds, but that is not feasible on conventional hardware. SHA-1 has also shown to be weakened to 2^69 instead of 2^80 as planned, but breaking SHA-1, or even weakening it, takes far too great computing than the average person would hold. Practicality still rules.

  3. Lamont Peterson using Konqueror 3.5 on GNU/Linux | January 23, 2008 at 12:23 pm | Permalink

    @Aaron

    I remember Bruce recommending IDEA in the first edition of 'Applied Cryptography,' but not in the second, IIRC. Still I didn't realize he still did quite as late as 1996. I recall reading about weaknesses that had been discovered in IDEA by 1999.

    As to the IDEA patent, I thought had been issued much earlier, but perhaps it was just pending in the U.S. until 1993. It looks like the U.S. patent (#5,214,703) will expire in 2010.

    Thanks for the information.

    I didn't really say it earlier, but patents on cryptographic algorithms are not of much use. Even the <a hre="http://www.nist.gov/"NIST will only tolerate patented algorithms in their standardization processes if they are irrevocably licensed for all to use royalty-free. I think that's a great thing. There's so much more detail we could go into on that, but I'll save it for another time.

    Of course, you're right about practicality, which is, IMHO one of the reasons to not use IDEA, as it's pretty slow compared to today's crop of block cyphers, such as Blowfish/Twofish and AES.

Post a Comment

Your email is never published nor shared.

Switch to our mobile site