riseup.net OpenPGP Best Practices article

Werner Koch wk at gnupg.org
Tue Jun 24 08:47:59 CEST 2014


On Tue, 24 Jun 2014 05:55, frase at frase.id.au said:

> rounds today.  Quite a lot of good info, especially regarding key
> strength and expiry, and digest preferences.

Just for the record: _I_ do not consider the use of a 4096 bit RSA key
and a preference for SHA-512 a best practice.  For a secure system it is
important to make the system stronger and not parts of the system which
will never be attacked in real life.  Granted, there are users with a
need for non default algorithms, but those users have the resources to
develop a security policy which fits their use case.

How does a 4096 key help if I can send you an encrypted mail which
will lock up your MUA until you kill it (unless your MUA has some kind
of timeout mechanism)?  There are more important things to be made
stronger than the key size.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



