s2k-cipher-mode default

Werner Koch wk at gnupg.org
Tue Jun 2 20:38:13 CEST 2015

On Tue,  2 Jun 2015 19:25, dkg at fifthhorseman.net said:

>> I am fine to switch to AES-128 for 2.0 too.
> Any reason to avoid it for the 1.4 branch?

Can be done.

> This is the case for symmetric backups.  For secret key protection, the
> time difference is negligible compared to things like passphrase entry.

Secret key protection does not require that strength.  Do you really
thing anyone is using a passphrase (intended to be memorized) with more
than 128 bit of entropy?

Anywa, I won't care whether this is AES-256 or AES-128 - implementation
wise it does not make a real difference to implement one or both.

> As you say, CPU is not the bottleneck on modern systems dealing with
> this kind of data, either large or small.  So why not move to stronger

Why using cycles and energy without a reason?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list