riseup.net OpenPGP Best Practices article

Cpp tzornik at gmail.com
Tue Jun 24 09:36:22 CEST 2014


I was going to create a new PGP key myself by following that article.
Werner, do you have any more input or comments to add regarding that
article? I am curious to hear input from multiple sources/people.



On 6/24/14, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 24 Jun 2014 05:55, frase at frase.id.au said:
>
>> rounds today.  Quite a lot of good info, especially regarding key
>> strength and expiry, and digest preferences.
>
> Just for the record: _I_ do not consider the use of a 4096 bit RSA key
> and a preference for SHA-512 a best practice.  For a secure system it is
> important to make the system stronger and not parts of the system which
> will never be attacked in real life.  Granted, there are users with a
> need for non default algorithms, but those users have the resources to
> develop a security policy which fits their use case.
>
> How does a 4096 key help if I can send you an encrypted mail which
> will lock up your MUA until you kill it (unless your MUA has some kind
> of timeout mechanism).  There are more important things to be made
> stronger than the key size.
>
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.


