encryption algorithm

David Shaw dshaw at jabberwocky.com
Wed Dec 18 20:51:28 CET 2013

On Dec 18, 2013, at 5:41 AM, Werner Koch <wk at gnupg.org> wrote:

> On Wed, 18 Dec 2013 02:27, rjh at sixdemonbag.org said:
>> because you just shifted to arguing that "since GnuPG defaults to
>> AES-256, we need to use RSA-15000 by default otherwise the asymmetric
>    The rationale why we use the order AES256,192,128 is
>    for compatibility reasons with PGP.  If gpg would
>    define AES128 first, we would get the somewhat
>    confusing situation:
>      gpg -r pgpkey -r gpgkey  ---gives--> AES256
>      gpg -r gpgkey -r pgpkey  ---gives--> AES
> PGP prefers AES256 for the simple reason that the marketing deptartment
> told the engineering that 256 sounds stronger than 128 (according to one
> of their lead developers).

Plus the related reason why Camellia is ordered the same way: because it would look strange to have AES 256,192,128 and then Camellia 128,192,256 !

Now that we have the preference list scoring, though, the above change is no longer necessary.  Instead of using the command line ordering, the score code handles it the same way regardless.  In the above example, AES (not AES256) would be chosen no matter what the order.  The rationale from back then was:

	  /* Note the '<' here.  This means in case of a tie, we will
	     favor the lower algorithm number.  We have a choice
	     between the lower number (probably an older algorithm
	     with more time in use), or the higher number (probably a
	     newer algorithm with less time in use).  Older is
	     probably safer here, even though the newer algorithms
	     tend to be "stronger". */ 

I don't think it's worth changing the default ranking back at this point though.


More information about the Gnupg-users mailing list