Re: PGP/GnuPG unsecure, should be replaced?

To: debian-security@lists.debian.org
Cc: malte@wk3.org
Subject: Re: PGP/GnuPG unsecure, should be replaced?
From: qmi <lista@miklos.info>
Date: Sun, 21 Jul 2019 18:27:16 +0200
Message-id: <[🔎] f27f6e4b-5273-4a5c-02e2-b49294fe7d59@miklos.info>
In-reply-to: <[🔎] 20190721143449.GA18664@wk3.org>
References: <[🔎] 20190719T132902.GA.b9b61.stse@fsing.rootsland.net> <[🔎] 8e0d9213-3026-fe3a-b901-996fe9f0ff63@miklos.info> <[🔎] 20190721143449.GA18664@wk3.org>

Hi

On 7/21/19 4:34 PM, Malte wrote:

lista@miklos.info transcribed 1.4K bytes on 20-Jul-2019 21:25:

I checked that article. For e.g. the article says, "If you’re lucky, your
local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher in CFB,
..."


"defaults to" and "supports" are two different words with two different
meanings. GnuPG's history is full of new features getting developed
while insecure defaults being kept.

Thanks for pointing out. Correct, I was not specific enough. GnuPG*defaults* to AES-128 when using symmetric encryption according to itsmanual page. In practice, it appears to be using AES-256. I would besurprised if the GnuPG version shipped by the most developer-friendlyLinux OS on the planet defaulted to a 64-bit block cipher. Perhaps anearlier version of GnuPG did default to CAST5 block cipher, as Wikipediaarticle states.

qmi

Reply to:

References:
- PGP/GnuPG unsecure, should be replaced?
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>
- Re: PGP/GnuPG unsecure, should be replaced?
  - From: "qmi (list)" <lista@miklos.info>
- Re: PGP/GnuPG unsecure, should be replaced?
  - From: Malte <malte@wk3.org>

Prev by Date: Re: PGP/GnuPG unsecure, should be replaced?
Next by Date: Re: PGP/GnuPG unsecure, should be replaced?
Previous by thread: Re: PGP/GnuPG unsecure, should be replaced?
Next by thread: Re: PGP/GnuPG unsecure, should be replaced?
Index(es):
- Date
- Thread