Multiple issues in GPG documentation
Robert J. Hansen
rjh at sixdemonbag.org
Sat Sep 13 01:49:02 CEST 2025
Hi! I'm the principal author of the FAQ.
> 4. The FAQs would benefit from updating
Yes, they would. I stepped away from my role as FAQ maintainer a few
years ago in protest of some very unwise decisions by the FSF. It's been
unmaintained since. I'm working on a totally rewritten FAQ, but it will
be entirely my own work and not FSF/FSFE supported. Unfortunately,
progress on this has gone quite slowly due to a health crisis (which is
slowly improving, thank you to everyone who's thought of me).
> I don't think questions like "Is this the official GnuPG FAQ?" are
> that "frequently asked."
That was in fact the *most* frequently asked. It started life as my own
personal list of questions people kept asking me. Far and away the most
commonly asked question was whether my personal FAQ represented official
guidance from GnuPG and/or whether I was an official team member. That
FAQ used to have an answer of "No, and I'm not part of the GnuPG team."
> More topically, it has several FAQs discouraging users from using
> anything longer than RSA-2048, when it now defaults to RSA-3072.
Yes, it badly needs a refresh.
> 6. I question whether the FAQ's discussion on algorithms in is up-to-
> date. It gives no mention to ed25519, which I understand is the most
> reliable ECC cypher. It says that 3DES is still reliable, but I
> thought all DES-based cyphers were obsolete. I've never seen
> Camellia offered as a GPG cypher option, so I'm not sure of the
> relevance of including it. You get the picture.
It predates widespread adoption of ECC.
3DES is still considered secure for files under about 8 MiB in size.
Past that you run into an unacceptable risk of block collision attacks.
The FAQ's guidance on 3DES is still accurate. (It may say to avoid 3DES
for files larger than 1 GiB, which was accurate at the time of writing.)
3DES is not a recommended cipher due to the 64-bit block size, or how
slow and inefficient it is. There are many good reasons to prefer more
modern algorithms and I don't want to be mistaken for sounding like I'm
recommending 3DES. I'm not.
But it's still considered quite safe against cryptanalysis for files
smaller than 8 MiB.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250912/16869f19/attachment.sig>
More information about the Gnupg-users
mailing list