My point exactly. So why not streamline the documentation to explaining the defaults and offloading everything else to somewhere where keeners can go down the rabbit hole?
There are a few answers there. All are accurate. (a) nobody asks what the defaults are, (b) at the time it was written GnuPG was in transition: the defaults were changing, and hence it was impossible to say what "the defaults" were without going into detail about GnuPG versions, (c) a refreshed FAQ probably would explain the defaults, since we're in a period of algorithmic stability.
Fair. Which is why I suggest consolidating it all into one question that goes to the effect of "The 'best' cyphers are the ones we set to the defaults."
Because few people asked the best symmetric algorithm to use, but lots of people asked the best asymmetric algorithm to use. This is why the FAQ only talks about asymmetric algorithms.

https://gnupg.org/faq/gnupg-faq.html#new_key_algo

Again, a refreshed FAQ would probably address this differently.
I think the question people mean to ask - as it's one I often have - is "What's the difference between them?" or "What's the best for _my_ situation?"
Although that is a FAQ, it's one I deliberately didn't answer because all the answers are unsatisfactory. They run from "How should I know what your situation is?" to "for $300 an hour, I'll happily listen to your specific needs and give you a tailored recommendation, which will probably be 'just use the defaults, they're great for you'." A FAQ is not personalized for individual questioners, and it needs to avoid questions that require personal intervention.
If people are anything like me (and fortunately almost all of them aren't), I think they come from believing that if one algorithm were universally the best, everyone would use it. But since we have different algorithms, there surely must be some reason why people went through all that extra effort.
There may be virtue in asking "why does GnuPG support so many algorithms?", but the answer is unsatisfactory: "because RFC4880bis has support for so many algorithms, go ask them why, we just implement the standard." One hard-and-fast rule I made with the FAQ is I don't explain the RFCs. GnuPG implements RFC4880bis; if RFC4880bis says X, GnuPG does X, if you want to know why X you need to ask the Working Group. I don't write code for any OpenPGP/LibrePGP implementation and I have zero involvement in the development of the RFCs. (Until early this year, I was an IT contractor for the United States government. Many people in the community think the United States government is untrustworthy and/or dedicated to sabotaging secure communications. I disagree with that position utterly, but I respect it: and thus, to minimize the amount of stress I bring to the community, I don't participate in either the Working Group or GnuPG development. I used to write a FAQ, that's it.)
Again, advising to offload discussion onto other sources, I think the best response to that FAQ is to provide a layman's difference between them. Something to the effect of "Algo X is faster than Y, but Y produces more compact hashes than Z, but Z has higher resistance to side attacks than X, etc."
Absolutely not. Flat no. This is counterproductive. The differences between Camellia256 and Twofish, for instance, are... well, there are a lot of them, but for the layman the whole of our advice could be (should be!) "all the 256-bit ciphers are effectively identical for lay purposes, please only use the other ciphers for small messages of smaller than 8 MiB." But that doesn't satisfy the crypto Tom, Dick, and Harry crowd, who are absolutely certain that (a) there are significant differences and (b) they have the mathematical and engineering background necessary to judge which is best for them. (a) might be true. (b) rarely is, and I'm not going to try to educate people for free.
Wikipedia has comparison pages that, often in a tabular format, summarise the differences in whatever - like database engines or text editors. A table like that should shut most people up (if they bother to read it). If Wikipedia, or somewhere else, has a page comparing cyphers, so much the better. Link to it and save some typing.
No. "Unless you know what you're doing and why, use the defaults" is the best advice. Do you need to comply with older versions of the EMV standards? Use 3DES. Need to comply with Japanese government standards? Use Camellia256. Need a 128-bit-block cipher that works with PGP 7? Use Twofish. Need to interoperate with *really really old* GnuPG? Use Blowfish. Etc., etc. The other ciphers exist for special needs. There is no meaningful tradeoff matrix that could be written. Unless you know what you're doing and why, use the defaults. If you know what you're doing and why you need to change things, well, you have options.
Perfect answer. Plug it in the FAQ.
To remind you, I am recovering from a major health crisis and I am not working on the FAQ very much right now. :)
Noted. Would also be a good column for that table: "One-way hash"; "Asymmetric"; "Symmetric"
Why? 'gpg --version' already does that.

Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
And, to me, that's largely a string of random characters. Again, would be great if the major differences were summarised in a comparison table or something.
That's why unless you know what you're doing and why, you should use the defaults. :)
This is all fascinating, and I hope someone other than me found it useful, but we've gone a bit off topic. The documentation (particularly man pages) seems to have obvious errors and omissions. Any chance of fixing those?
I don't want to get too deep into the weeds with my health concerns, but here's the problem: I suffered internal bleeding which, coupled with my anemia, resulted in my practically bleeding to death internally. My blood's ability to carry oxygen was down to under 30% that of a healthy person, and stayed there for multiple days before my friends hauled me off to the emergency department and saved my life. Most people who suffer my level of internal bleeding die; I am grateful to have survived. Unfortunately, my entire body suffered from long-term oxygen deprivation. My body prioritized my heart and brain for blood delivery, which starved the rest of my body even more. My muscles, body-wide, wasted away to the point I was incapable of rolling over in bed, and just breathing left me utterly exhausted. I've spent months in physical therapy reacquiring the ability to move. I can now shuffle around my apartment for brief periods without a cane or other balance assists, but I'm still in intensive physical therapy. This is my way of explaining to you that when I say, "right now the FAQ is not a high priority for me," you understand that right now the FAQ is essentially zero priority for me. I will get around to it when I get around to it, and no sooner. :)
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users