"If you find yourself typing the letters A-E-S into your code, you're doing it wrong". Obviously more so if you're typing D-E-S.
We give our clients a very simple recommendation when it comes to encrypting things:
* If you're encrypting data in motion, rely on SSL.
* If you're encrypting data at rest, rely on PGP/GPG.
There are plenty of libraries that will GPG a blob for you, and you can assume GPG got all the details right. That would have been the right call here (as opposed to figuring out CBC and --- importantly, for someone who is still fetishizing "salts" in 2009 --- how to safely set an IV).
As an obvious counterexample, asymmetric encryption (GPG, et al.) is very slow. Which means that if I need to encrypt a lot of data at rest it sometimes makes sense to use a symmetric cipher.
Security (even just the subdomain of encryption) isn't that easy - there is no one-size-fits-all solution.
GPG is a program. It isn't an algorithm. Consider reading it before you propose alternatives, which are likely to be broken.
Like I posted upthread, there's a laundry list of things that program is going to give you besides picking a better algorithm than "Triple DES" and a better block cipher mode. But listing them is just begging for a bunch of people to propose wack-ass alternative solutions that other people will feel obliged to waste time knocking down.