2 fish... that in it's self is bad. AES, sure lets all be ok about that. I also read the article and I realise I still rely on gpg far too much and that I need to ween myself off of it!
Iain On Sat, Jul 20, 2019 at 8:33 PM qmi (list) <li...@miklos.info> wrote: > Hi, > > On 7/19/19 1:34 PM, Stephan Seitz wrote: > > I found the following article about PGP/GnuPG: > > https://latacora.singles/2019/07/16/the-pgp-problem.html > > > > In short you should drop GnuPG because it doesn’t do anything really > > the right way. It should be replaced with different tools for > > different situations. > > I checked that article. For e.g. the article says, "If you’re lucky, > your local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher > in CFB, ..." > > Wrong. The current implementation of GnuPG shipped by Debian Buster - > version 2.2.12 - does support modern cryptographic standards for > symmetric encryption, not only CAST5. For e.g., it does support twofish > and aes. Both of which use 128-bit block sizes, AFAIK. See command > output for gpg below about supported algorithms: > > " > > qmi@qmiacer:~$ gpg --version > > gpg (GnuPG) 2.2.12 > (...) > Supported algorithms: > Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA > Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, > CAMELLIA128, CAMELLIA192, CAMELLIA256 > (...) > " > > So it's good enough, apparently. > > > > > Debian is using GnuPG for signing files. From the article: > > > > Signing Packages > > > > Use Signify/Minisign. Ted Unangst will tell you all about it. It’s what > > You may be right, though. That tool might have better bindings for > modern programming languages. > > Regards, > -- > qmi > Email: li...@miklos.info > >