riseup.net OpenPGP Best Practices article

Johan Wevers johanw at vulcan.xs4all.nl
Wed Jun 25 21:53:16 CEST 2014


On 25-06-2014 8:25, Werner Koch wrote:

> This misunderstanding is actually an indication of the problem.  You are
> talking 4096 vs. 2048 while the more important case is to read the
> security announcements and update your gpg.

While important I don't loose a night's sleep over a DOS attack. It's
annoying but it doesn't reveal any confidential information.

> I wonder why the keysize triggers bikeshedding discussions in all
> security groups.

Perhaps a "better safe than sorry" approach after remembering that
RSA-768 was once (in the pgp 2.0 days) advertised as futureproof
"military-grade" encryption? Attacks only get better in time, never worse.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




More information about the Gnupg-users mailing list