encryption algorithm

Robert J. Hansen rjh at sixdemonbag.org
Wed Dec 18 02:53:12 CET 2013


> I never attributed RSA-1024 to you: i'm merely pointing out that good
> enough for "virtually all users" and "virtually all purposes" is the
> wrong way to select choices that we want to cover the most vulnerable
> targets.

Sorry for the double response -- I thought I'd included this in my
previous mail, but I didn't.

I am not in favor of covering more than 'virtually all users' and
'virtually all purposes.'  The difference between 99% of GnuPG's users
and 100% of GnuPG's users is, first of all, impossible to close, and
second of all, requires ever-increasing expense just to approximate it.

Phil Z. designed PGP to be Pretty Good Privacy.  Not perfect... just
pretty good.  GnuPG is quite clearly built in the same vein.

"Virtually all" is the right way to select defaults.  The next step
beyond "virtually all" is "all."  We can't achieve that and it's foolish
to try.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20131217/6718f2d1/attachment.sig>


More information about the Gnupg-users mailing list