Should I be using gpg or gpg2?

listo factor listofactor at mail.ru
Mon Sep 28 22:52:44 CEST 2015


On 09/28/2015 08:26 PM, Robert J. Hansen wrote:
>> Most od 2.x "improvements" have little to do with security.
>
> Per NIST, RSA-2048 is believed safe until 2030.  That means that if you
> need to keep secrets longer than fifteen years, you need to move away
> from RSA completely.  RSA-3072 is not all that much stronger than
> RSA-2048, and RSA-4096 adds even less.

Most of those that use gpg because they really, really need to keep
their secrets from their adversaries are concerned with this year
and next, not about A.D. 2030. Their enemy is mistakes caused by
overly complex interfaces, much more than residual differences
in the cryptographic primitives. (Kind of AK-47 vs M16 thing).

> If your name were Vint Cerf, Admiral Mike Rogers, Whit Diffie, or
> someone of that caliber...

I'm obviously not one of those gentlemen; my "caliber" is that of a
half-educated practitioner toiling in the trenches. But sometimes
those can offer observations that escape the admirals and generals...





More information about the Gnupg-users mailing list