riseup.net OpenPGP Best Practices article

Nex6|Bill n6ghost at yahoo.com
Tue Jun 24 18:21:31 CEST 2014


I recently, generated a new keypair (GPG4win), and the defaults presented where RSA/2048. I did, some digging around on the RSA vs DSA thing and RSA still seems
to be the recommended way to go, the only thing I did was up my key size to 4096 I left all the other defaults.....

  


On Monday, June 23, 2014 11:52 PM, Werner Koch <wk at gnupg.org> wrote:
 

>
>
>On Tue, 24 Jun 2014 05:55, frase at frase.id.au said:
>
>> rounds today.  Quite a lot of good info, especially regarding key
>> strength and expiry, and digest preferences.
>
>Just for the records: _I_ do not consider the use of a 4096 bit RSA key
>and a preference for SHA-512 a best practice.  For a secure system it is
>important to make the system stronger and not parts of the system which
>will never be attacked in real life.  Granted, there are user with a
>need for non default algorithms, but those users have the resources to
>develop a security policy which fits their use case.
>
>How does a help 4096 key help if I can send you an encrypted mail which
>will lock up your MUA until you kill it (unless your MUA has some kind
>of timeout mechanism).  There are more important things to be made
>stronger than the key size.
>
>
>Salam-Shalom,
>
>   Werner
>
>-- 
>Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140624/84217857/attachment.html>


More information about the Gnupg-users mailing list