s2k-cipher-mode default

vedaal at nym.hush.com vedaal at nym.hush.com
Tue Jun 2 23:51:50 CEST 2015

On 6/2/2015 at 3:49 PM, "Robert J. Hansen" <rjh at sixdemonbag.org> wrote:

>Given this, I would feel much better if Werner were to spend his 
>time reviewing the code for exploitable bugs than spending even five 
>minutes changing the s2k default from AES-128 to AES-256.


but here's a consequence you might want to consider adding into your FAQ :

The s2k default is also the default for symmetrically encrypted messages
(which is fine, as long as people know about it).

If a person wants to symmetrically encrypt a message or file with AES 256,
or any other symmetric algorithm,
then the user will need to specify the option either in gnupg.conf or on the command line.


More information about the Gnupg-users mailing list