GnuPG Defaults
Robert J. Hansen
rjh at sixdemonbag.org
Wed Sep 17 06:50:17 CEST 2008
Kevin Hilton wrote:
> I'm sure its probably contained in one of the RFC's, however when was
> DSA signing keys and ElGamal Encryption keys, along with the AES-256
> cipher and SHA1 digest chosen as the defaults for key generation? Any
> particular reasons these were chosen as the defaults?
DSA-1024 is a MUST in the RFC, and therefore is interoperable with every
conforming OpenPGP implementation. Likewise with SHA-1.
AES is a SHOULD, and is interoperable with the great majority of OpenPGP
applications (PGP 7.1+).
As DSA-2048 and DSA-3072 support becomes more commonplace (read: as
people migrate away from older versions of PGP and GnuPG, a process that
takes astonishingly long), you can expect to see the defaults change. I
don't know too many people who are still enthusiastic about DSA-1024,
although it's still considered infeasible to break it.
More information about the Gnupg-users
mailing list