digest preferences [was: Re: diverging from upstream defaults]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Sep 15 01:43:01 CEST 2017
On Wed 2017-09-13 12:13:15 -0400, Robert J. Hansen wrote:
>> --default-preference-list indicates what algorithms to advertise in a
>> newly-generated key. For most modern 64-bit computers, sha-512 is
>> faster to compute at any reasonable size, so it looks to me like the
>> published preference order should be changed to indicate a preference
>> for SHA512 by default. People with special hardware or custom needs can
>> always edit their configuration.
> Begging pardon, but this seems like a very weak justification to me.
> SHA512 versus SHA256 timings will be significant only for people doing
> lots of signatures on extremely large files in soft-realtime
> environments. Outside of that, really, who cares if SHA512 is a
> millisecond quicker when signing an email if you're handling under a
> thousand documents a day?
I agree that an argument about SHA512 being more performant isn't a
great one. However, there's often an assumption that the larger
security margin an algorithm has, the more expensive it is.
In this case, the argument for stating a preference for SHA-512 is
"larger security margin *and* a (slight) reduction in cost".
There is no change in the size of messages on the wire here.
So the move to stating a preference for SHA-512 seems like win-win to
Any other feedback on this suggestion? should i publish a change for
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 832 bytes
Desc: not available
More information about the Gnupg-devel