SSH Agent keys >4096 bit?

Werner Koch wk at
Mon May 7 10:13:40 CEST 2012

On Sat,  5 May 2012 12:08, peter at said:

> Why should the GnuPG authors include a feature they don't believe in? If
> it's in GnuPG official, it will need to be supported. What if there is

It is marketing again.  PGP started to use AES-256 for marketing reasons
and thus we were more or less forced to include support for AES-256.  We
initially did not even put AES-256 on top of the cipher preferences,
but we had to change even this:

            /* The rationale why we use the order AES256,192,128 is
               for compatibility reasons with PGP.  If gpg would
               define AES128 first, we would get the somewhat
               confusing situation:

                 gpg -r pgpkey -r gpgkey  ---gives--> AES256
                 gpg -r gpgkey -r pgpkey  ---gives--> AES

               Note that by using --personal-cipher-preferences it is
               possible to prefer AES128.

> And you seem to forget that when you use GnuPG with (for example) 4k
> keys, the 4k key is simply not the weakest link! This has been said already.


> data is that valuable, keep it to yourself. Don't give even the
> encrypted variant to your enemy. Because your formidable enemy will know
> of a way to decrypt it without breaking your 8k key.

Well, even the former option is subject to a pretty cheap rubber hose
cryptanalysis.  It all depends on your threat model.



Thoughts are free.  Exceptions are regulated by a federal law.

More information about the Gnupg-users mailing list