GnuPG cryptographic defaults on the 2.2 branch

ilf ilf at
Fri Sep 22 10:17:07 CEST 2017

Robert J. Hansen:
> But "it costs very little to get more margin", when our margin is 
> already a factor of a *billion* stronger than it needs to be, is just a 
> nonstarter.  If a billion isn't enough for you, then what is?

Yes, but this is *now*. But I am arguing for the future in a dozen or 
more years.

We're talking about defaults that will be used until the 2.3 release - 
that might be years. (2?)
Even the last 2.2 before 2.3 will be used by distributions years after. 
People generate keys with that 2.2 that will be used for encryption 
years after they are generated. (5?)
And *that* encryption should still be considered strong against attacks 
at least a decade after the initial encryption, in some cases way more 
than that.

That's a lot of assumptions about the future here, but I do think those 
values to be reasonable. So we're deciding *now* on what should have 
enough safety margin for in 20 years. Looking at the last 20, I'd rather 
be safe than sorry.

> There are some very good justifications to move to RSA-3072:

Well we agree on that. :)


Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170922/1f6b126b/attachment.sig>

More information about the Gnupg-devel mailing list