GnuPG cryptographic defaults on the 2.2 branch

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Sep 21 17:39:21 CEST 2017


On Thu 2017-09-21 11:43:10 +0200, Peter Lebbing wrote:
> On 20/09/17 18:59, Daniel Kahn Gillmor wrote:
>> This statement seems to mix two different types of security requirements
>> -- security against malware or system compromise vs. security against
>> cryptanalytic attack.
>
> But if you're really up against people with that much cryptanalysis
> power, wouldn't they also be very advanced in different ways of attack?

maybe!  they might also have different cost analyses when comparing
detectable actions in the real world with actions they think they'll be
able to keep secret (or at least to deny easily).

I'm not saying these other avenues aren't worth defending against.  they
clearly are.  I'm saying that GnuPG isn't in a position to defend
against them, but it should take care of those aspects that it is in a
position to defend against.

> I think the NIST "by 2020" argument is much stronger than a worry about
> a super advanced machine that is in the worst scenario still a factor
> one billion removed from actually posing a threat to 2048-bit keys.

compliance with checkbox-driven quasi-regulatory guidance does sometimes
have its moments :)

    --dkg