Quote from: limitlessone on January 12, 2013, 10:17 pmCame across a vendor using the BCPG implementation for his public key. I'm having issues encrypting with it. From decidedly brief research I understand its outdated and not secure.Is it possible to still use? Its a fairly large vendor so I'm surprised no one else has brought it up. Are that many people not sending secure messages?If the vendor is using a key with a Version: BCPG 1.x, then I would advise you to not just walk away, but RUN! The vendor obviously doesn't have the first fucking clue about security -- the use of keys generated by the Java BouncyCastle libraries has been discussed many times on here, and each time it was reiterated that this software was grossly unsafe. I don't know who this vendor is, but every one that I've come across, I've written to to warn them how unsafe this is. Many of these BCPG keys feature encryption sub-keys that are only 512-bits in length -- this is laughably insecure -- 512-bit keys were being broken 20 years ago by individuals using spare hardware they had laying about. Do yourself a big favour, and choose a vendor who takes the security of his customers seriously. Nightcrawler <Nightcrawler@SR>PGP-Key: 4096R/BBF7433B 2012-09-22Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433BPGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090