[Announce] GnuPG 2.2.1 released

Werner Koch wk at gnupg.org
Wed Sep 20 08:32:04 CEST 2017

On Tue, 19 Sep 2017 17:37, ilf at zeromail.org said:

> Is there a reason the changes defaulting to 3072-bit RSA keys [1] and
> AES-256 [2] from refs/heads/master did not make it into
> refs/heads/STABLE-BRANCH-2-2?

That is not a bug fix and thus this won't go into 2.2 unless there is a
security problem or regulations require the use of rsa3072.  Those who
feel the need for longer keys can create longer keys.  Changing the
default does not increase security in any way.  With stronger security
requirements you need to tweak a lot of other things, for example it
would be paramount to use at least an airgapped box for such

> I would really love to see these changes in wide use - and I fear
> waiting for 2.3 will push this back for years for many users.

Nope.  We will anyway switch to ECC as soon as we can expect that most
users are ready to use ECC.  You can already create a key like this

  gpg --quick-generate-key foo at example.org future-default

> 2.2. OTOH, the NSA is apparently developing a new supercomputer named
> "WindsorGreen" believed to attack crypto, probably even "breaking

Maybe.  But that is irrelevant for most people: The real threat are
prêt-à-porter access methods: mass infection of all networked machines
are much cheaper and a more effective way than to break crypto.  That
needs to be addressed elsewhere but in crypto software.  Given the the
sad state of software security we can only hope for political solutions
against the use of government malware.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170920/b35872b6/attachment.sig>

More information about the Gnupg-devel mailing list