GnuPG cryptographic defaults on the 2.2 branch

Kristian Fiskerstrand kristian.fiskerstrand at
Thu Sep 21 17:53:36 CEST 2017

On 09/21/2017 05:39 PM, Daniel Kahn Gillmor wrote:
> I'm not saying these other avenues aren't worth defending against.  they
> clearly are.  I'm saying that GnuPG isn't in a position to defend
> against them, but it should take care of those aspects that it is in a
> position to defend against.

Although I tend to agree with the goal, the primary issue is a false
sense of security that can actually be a worse situation as data is
transmitted that wouldn't otherwise be.

Social problems can't be solved solely using technical means, and there
is a severe lack of education/knowledge on security aspects such as,
inter alia, operational security. Granted that is just as true for 2048
bit keylength, but thinking increasing it to 3072 bit has a noticeable
impact on the actual security for the user on its own doesn't compute
for me, and in some cases it can reduce the security as it isn't
compatible with certain hardware tokens (like youbikey 3 neo).

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP keyblock at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"If you choose to sail upon the seas of banking, build your bank as you
would your boat, with the strength to sail safely through any storm."
(Jacob Safra (1891–1963))

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170921/0d7cad31/attachment.sig>

More information about the Gnupg-devel mailing list