Currently, arctwo-meta.c defines nettle_cipher structs for three key sizes,
nettle_arctwo40 nettle_arctwo64 nettle_arctwo128
I'm thinking that 40 bit and 64 bit keys are way too small, and I hope they aren't mainstream, and then maybe the first two definitions can be deleted.
(Keeping them for backwards compatibility is no big deal, but I'd prefer to only have reasonably secure ciphers on the nettle_ciphers list). The underlying arctwo_set_key function would still support all key sizes specified for arctwo, for applications which really need that.
The arctwo code, including these definitions, was added back in 2004 (a decade ago!), and the header says
/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for * direct use by Libgcrypt by Werner Koch and later adapted for direct * use by Nettle by Simon Josefsson and Niels Möller. * * The implementation here is based on Peter Gutmann's RRC.2 paper and * RFC 2268. */
Does anyone here know what applications or protocols use arctwo, and with which key sizes?
Regards, /Niels