GnuPG cryptographic defaults on the 2.2 branch

ilf ilf at
Thu Sep 21 18:21:30 CEST 2017

Kristian Fiskerstrand:
> Although I tend to agree with the goal, the primary issue is a false 
> sense of security that can actually be a worse situation as data is 
> transmitted that wouldn't otherwise be.

As someone who argues for stronger default keysizes because they might 
help (however few) people in some cases, I am very much interested in 
arguments *against* raising the defaults. I would have expected 
computational overhead or waste of resources to argue against. But I 
doubt your argument is true. I would assume very, very few people would 
not enter things into a computer because the key size is 2048, which 
they would enter with a keysize of 3072 - and even if so, the problem 
would not be the default keysize we set, but user education here. Noone 
claims anything is unbreakable, and both 2048 and 3072 are very 
reasonable for the state being. I am merely asking for more safety 
margin, which comes at little to no cost.


Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170921/6da36b77/attachment.sig>

More information about the Gnupg-devel mailing list