s2k-cipher-mode default

Robert J. Hansen rjh at sixdemonbag.org
Tue Jun 2 18:41:40 CEST 2015

> Peers that do not support AES256 are either extremely rare or
> hopelessly out of date.  Reducing the strength of the ciphers in use
> for the sake of preserving interop with these peers seems like a bad
> tradeoff.
> What do folks think about making this change to the defaults?

At present I'm against it, but my mind's not made up.

Right now pretty much everyone is content with RSA-3072, which has an
estimated work factor comparable to AES-128.  So if 128-bit crypto is
enough, I don't understand the motivation behind jumping to AES-256.
There needs to be something motivating this besides "bigger is better".

Let me turn the question around, dkg.  (Completely serious here, not
snark.)  What problem do we have with AES-128 that switching to AES-256
will solve?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3744 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20150602/a45c6ad6/attachment-0001.bin>

More information about the Gnupg-users mailing list