[Announce] GnuPG 2.2.1 released

ilf ilf at zeromail.org
Tue Sep 19 17:37:51 CEST 2017

Thanks for the release!

Werner Koch:
> Noteworthy changes in version 2.2.1 

Is there a reason the changes defaulting to 3072-bit RSA keys [1] and 
AES-256 [2] from refs/heads/master did not make it into 

1. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=909fbca19678e6e36968607e8a2348381da39d8c
2. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=73ff075204df09db5248170a049f06498cdbb7aa

I would really love to see these changes in wide use - and I fear 
waiting for 2.3 will push this back for years for many users.

I really see no argument against making those changes default in 2.2. 
OTOH, the NSA is apparently developing a new supercomputer named 
"WindsorGreen" believed to attack crypto, probably even "breaking 
older/weaker (1024 bit) RSA keys". [3] Now obviously, this is no proof, 
and 2048 bit RSA is still good, but it seems a good reminder to put some 
more safety margin between us and powerful attackers. Especially since 
these changes apply to newly generated keys, which are often used for 
many years to come.

3. https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/

On a sidenote, https://git.gnupg.org/ still links to 1.4, 2.0 and 2.1, 
but not 2.2. This could probably be adjusted.


Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170919/869ce3a5/attachment.sig>

More information about the Gnupg-devel mailing list