[email protected] transcribed 1.4K bytes on 20-Jul-2019 21:25:
>
> I checked that article. For e.g. the article says, "If you’re lucky, your
> local GnuPG defaults to 2048-bit RSA, the 64-bit-block CAST5 cipher in CFB,
> ..."
>
> Wrong. The current implementation of GnuPG shipped by Debian Buster -
> version 2.2.12 - does support modern cryptographic standards for symmetric
> encryption, not only CAST5. For e.g., it does support twofish and aes. Both
> of which use 128-bit block sizes, AFAIK. See command output for gpg below
> about supported algorithms:

"defaults to" and "supports" are two different words with two different meanings. GnuPG's history is full of new features getting developed while insecure defaults are being kept.

I think, before moving to something completely new, like signify, moving to something like Sequoia PGP (https://sequoia-pgp.org), might be a good first step, as it fits better with the already existing infrastructure 🤷

Sincerely,
Malte

