Should one really disable AEAD for recent GnuPG created PGP keys?
Tobias Leupold
tl at stonemx.de
Tue Mar 5 08:42:11 CET 2024
Hi Vincent!

Thanks a lot for this insight!

When it comes to encryption, I would consider myself a "power user", but
still a user. I never heard of all this until now. What I, from the
perspective of an end-user, saw was: I generate a new key. And then:
"Pass no work on me phone anymore, OpenKeychain bad!" ;-)

This whole thing is awkward. As a normal user, you currently have no
chance to even know this.

So, is what they propose in the Arch wiki the way to go to stick to
non-embattled interoperable settings? (setpref AES256 AES192 AES SHA512
SHA384 SHA256 SHA224 ZLIB BZIP2 ZIP)?

I see the rationale for a performant block cipher. But that's nothing I
need for my use-case; there's simply no advantage at all. Most probably
for most users. So if there's no broad consensus about this, such an
option should be hidden behind some "expert" flag, for people knowing
what they do, and who are willing to trade off interoperability for
performance. It should not be a default setting letting users like me
run into problems they can't grasp without deep research.

I don't want to join a "faction". I don't want to participate in a
religious war. I just want to use encryption ...

I'll file a Gentoo bug about this and see what the devs/maintainers say.

Cheers, Tobias