GnuPG cryptographic defaults on the 2.2 branch
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Sep 21 18:18:31 CEST 2017
On Thu 2017-09-21 17:53:36 +0200, Kristian Fiskerstrand wrote:
> Social problems can't be solved solely using technical means, and there
> is a severe lack of education/knowledge on security aspects such as,
> inter alia, operational security.
> Granted that is just as true for 2048 bit keylength, but thinking
> increasing it to 3072 bit has a noticeable impact on the actual
> security for the user on its own doesn't compute for me
weak crypto defaults can actually *discourage* operational security,
because some people come up with "why bother when the key is able to be
cracked anyway". I'm not saying that RSA-2048 should be considered
trivially breakable, but an argument about how unsophisticated users
experience choices of cryptographic defaults actually cuts both ways.
> and in some cases it can reduce the security as it isn't compatible
> with certain hardware tokens (like youbikey 3 neo).
Users with a yubikey (or other hardware tokens) will make keys that will
fit onto their devices. I don't think that the default is an issue for
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 832 bytes
Desc: not available
More information about the Gnupg-devel