[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PGP/GnuPG unsecure, should be replaced?

lista@miklos.info transcribed 1.4K bytes on 20-Jul-2019 21:25:
> 
> I checked that article. For e.g. the article says, "If you’re lucky, your
> local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher in CFB,
> ..."
> 
> Wrong. The current implementation of GnuPG shipped by Debian Buster -
> version 2.2.12 - does support modern cryptographic standards for symmetric
> encryption, not only CAST5. For e.g., it does support twofish and aes. Both
> of which use 128-bit block sizes, AFAIK. See command output for gpg below
> about supported algorithms:

"defaults to" and "supports" are two different words with two different
meanings. GnuPG's history is full of new features getting developed
while insecure defaults being kept.

I think, before moving to something completely new, like signify,
moving to something like Sequoia PGP (https://sequoia-pgp.org),
might be a good first step, as it fits better with the already
existing infrastructure 🤷


Sincerely,

Malte
Reply to: