riseup.net OpenPGP Best Practices article
johanw at vulcan.xs4all.nl
Wed Jun 25 21:53:16 CEST 2014
On 25-06-2014 8:25, Werner Koch wrote:
> This misunderstanding is actually an indication of the problem. You are
> talking 4096 vs. 2048 while the more important case is to read the
> security announcements and update your gpg.
While important I don't loose a night's sleep over a DOS attack. It's
annoying but it doesn't reveal any confidential information.
> I wonder why the keysize triggers bikeshedding discussions in all
> security groups.
Perhaps a "better safe than sorry" approach after remembering that
RSA-768 was once (in the pgp 2.0 days) advertised as futureproof
"military-grade" encryption? Attacks only get better in time, never worse.
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users