> Peers that do not support AES256 are either extremely rare or > hopelessly out of date. Reducing the strength of the ciphers in use > for the sake of preserving interop with these peers seems like a bad > tradeoff. > > What do folks think about making this change to the defaults?
At present I'm against it, but my mind's not made up. Right now pretty much everyone is content with RSA-3072, which has an estimated work factor comparable to AES-128. So if 128-bit crypto is enough, I don't understand the motivation behind jumping to AES-256. There needs to be something motivating this besides "bigger is better". Let me turn the question around, dkg. (Completely serious here, not snark.) What problem do we have with AES-128 that switching to AES-256 will solve?
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
