On 9/14/2025 1:25 AM, Borden via Gnupg-users wrote:
The FAQ *does* recommend a couple of good ciphers. There is a recurriing line in the FAQ,
words to the effect of "unless you know what you're doing and why, just use the
defaults."
My point exactly. So why not streamline the documentation to explaining the
defaults and offloading everything else to somewhere where keeners can go down
the rabbit hole?
I can't answer that -- "best" is inherently subjective -- but I can give brief
breakdowns on the different ciphers. And I was asked to do this often
enough that I just threw it in the FAQ.
Fair. Which is why I suggest consolidating it all into one question that goes to the
effect of "The 'best' cyphers are the ones we set to the defaults."
I think the question people mean to ask - as it's one I often have - is "What's the difference
between them?" or "What's the best for _my_ situation?"
If people are anything like me (and fortunately almost all of them aren't), I
think they come from believing that if one algorithm were universally the best,
everyone would use it. But since we have different algorithms, there surely
must be some reason why people went through all that extra effort.
Again, advising to offload discussion onto other sources, I think the best response to
that FAQ is to provide a layman's difference between them. Something to the effect of
"Algo X is faster than Y, but Y produces more compact hashes than Z, but Z has
higher resistance to side attacks than X, etc."
Wikipedia has comparison pages that, often in a tabular format, summarise the
differences in whatever - like database engines or text editors. A table like
that should shut most people up (if they bother to read it). If Wikipedia, or
somewhere else, has a page comparing cyphers, so much the better. Link to it
and save some typing.
20+ years ago, the cryptographic community had some very reliable
pages for each algorithm category called "lounges", each maintained
by an expert in the field. Pages like "the hash function lounge" by
P. Barreto (Now gone, used to be at
http://www.larc.usp.br/~pbarreto/hflounge.html )
Back then, the world was in a phase of algorithm transitions due to
the introduction of 128 bit block ciphers by the AES competition.
Nowadays, the biggest transition is the need to think about
quantum attacks on stored files, such as intercepted GPG-encrypted
mails.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
