[Announce] GnuPG 2.2.1 released
ilf
ilf at zeromail.org
Tue Sep 19 17:37:51 CEST 2017
Thanks for the release!
Werner Koch:
> Noteworthy changes in version 2.2.1
Is there a reason the changes defaulting to 3072-bit RSA keys [1] and
AES-256 [2] from refs/heads/master did not make it into
refs/heads/STABLE-BRANCH-2-2?
1. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=909fbca19678e6e36968607e8a2348381da39d8c
2. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=73ff075204df09db5248170a049f06498cdbb7aa
I would really love to see these changes in wide use - and I fear
waiting for 2.3 will push this back for years for many users.
I really see no argument against making those changes default in 2.2.
OTOH, the NSA is apparently developing a new supercomputer named
"WindsorGreen" believed to attack crypto, probably even "breaking
older/weaker (1024 bit) RSA keys". [3] Now obviously, this is no proof,
and 2048 bit RSA is still good, but it seems a good reminder to put some
more safety margin between us and powerful attackers. Especially since
these changes apply to newly generated keys, which are often used for
many years to come.
3. https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/
On a sidenote, https://git.gnupg.org/ still links to 1.4, 2.0 and 2.1,
but not 2.2. This could probably be adjusted.
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170919/869ce3a5/attachment.sig>
More information about the Gnupg-devel
mailing list