riseup.net OpenPGP Best Practices article

Robert J. Hansen rjh at sixdemonbag.org
Fri Jul 4 08:49:37 CEST 2014


This will be my last on the thread.

You've said several times that your interest is in making sure crypto
isn't the weak link in the chain.

Well, it's not.  We know it's not.  (And not just because of XKCD,
either.[*]).  Roughly one in four desktop PCs is already exploited.
Applications are a seething morass of Metasploit targets.  Physical
access trumps all, and the government is skilled at using Van Eck
devices, black bag teams, subpoenas, national security letters, and more
to get what they want.  Organized crime has even fewer scruples and
nothing's off the table for them, including field expedient dentistry.

Given what a target-rich environment the net is, the difference between
a 3DES level of keyspace and an AES256 level of keyspace does not matter
a tinker's damn to whether your communications are safe.  I want to
emphasize this: the changes that you are passionately arguing about *do*
*not* *matter*.  And passionate argument about things that don't matter
is... bikeshedding.

No more bikeshedding.  My final statements about this thread:

* I've seen very little support from the list for your proposed
  best practices document,
* I conclude the community's sentiment is that the defaults are
  good,
* The FAQ will continue to recommend people use the defaults. [**]


[*] http://xkcd.com/538/
[**] as always, Werner gets final say!

