Re: PGP/GnuPG unsecure, should be replaced?
lista@miklos.info transcribed 1.4K bytes on 20-Jul-2019 21:25:
>
> I checked that article. For e.g. the article says, "If you’re lucky, your
> local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher in CFB,
> ..."
>
> Wrong. The current implementation of GnuPG shipped by Debian Buster -
> version 2.2.12 - does support modern cryptographic standards for symmetric
> encryption, not only CAST5. For e.g., it does support twofish and aes. Both
> of which use 128-bit block sizes, AFAIK. See command output for gpg below
> about supported algorithms:
"defaults to" and "supports" are two different words with two different
meanings. GnuPG's history is full of new features getting developed
while insecure defaults being kept.
I think, before moving to something completely new, like signify,
moving to something like Sequoia PGP (https://sequoia-pgp.org),
might be a good first step, as it fits better with the already
existing infrastructure 🤷
Sincerely,
Malte
Reply to: