On 6/24/2014 8:47 AM, Werner Koch wrote: > On Tue, 24 Jun 2014 05:55, fr...@frase.id.au said: > >> rounds today. Quite a lot of good info, especially regarding key >> strength and expiry, and digest preferences. > > Just for the records: _I_ do not consider the use of a 4096 bit RSA key > and a preference for SHA-512 a best practice. For a secure system it is > important to make the system stronger and not parts of the system which > will never be attacked in real life. Granted, there are user with a > need for non default algorithms, but those users have the resources to > develop a security policy which fits their use case.
I also generally agree that the default key size is a sensible choice for most users. I would think that adversaries will not try breaking the crypto at all: there's plenty of alternatives, from keyloggers to compelling the sender or recipient (through legal means or otherwise) to decrypt the message, that require considerably less resources. ObXKCD: http://xkcd.com/538/ That said, is there any particular reason for avoiding SHA-2? There's been discussion in the past regarding some other OpenPGP software not playing nicely with SHA-512, with recommendations to not use SHA-512. Is that still an issue? I've not run into any issues, but that's merely an anecdote. Would SHA-256 be a better (in the context of being more compatible) choice if one preferred using a non-SHA-1 hash? > How does a help 4096 key help if I can send you an encrypted mail which > will lock up your MUA until you kill it (unless your MUA has some kind > of timeout mechanism). There are more important things to be made > stronger than the key size. Absolutely. Obviously, using a too-weak key (e.g. 512-bit RSA) is a problem, but key size is not an issue with the defaults. Cheers! -Pete _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
