Multiple issues in GPG documentation

Jakob Bohm jb-gnumlists at wisemo.com
Tue Sep 16 10:52:20 CEST 2025 

On 9/14/2025 1:25 AM, Borden via Gnupg-users wrote:
>> The FAQ *does* recommend a couple of good ciphers. There is a recurriing line in the FAQ, words to the effect of "unless you know what you're doing and why, just use the defaults."
>>
> My point exactly. So why not streamline the documentation to explaining the defaults and offloading everything else to somewhere where keeners can go down the rabbit hole?
>
>> I can't answer that -- "best" is inherently subjective -- but I can give brief breakdowns on the different ciphers. And I was asked to do this often
>> enough that I just threw it in the FAQ.
>>
> Fair. Which is why I suggest consolidating it all into one question that goes to the effect of "The 'best' cyphers are the ones we set to the defaults."
>
> I think the question people mean to ask - as it's one I often have - is "What's the difference between them?" or "What's the best for _my_ situation?"
>
> If people are anything like me (and fortunately almost all of them aren't), I think they come from believing that if one algorithm were universally the best, everyone would use it. But since we have different algorithms, there surely must be some reason why people went through all that extra effort.
>
> Again, advising to offload discussion onto other sources, I think the best response to that FAQ is to provide a layman's difference between them. Something to the effect of "Algo X is faster than Y, but Y produces more compact hashes than Z, but Z has higher resistance to side attacks than X, etc."
>
> Wikipedia has comparison pages that, often in a tabular format, summarise the differences in whatever - like database engines or text editors. A table like that should shut most people up (if they bother to read it). If Wikipedia, or somewhere else, has a page comparing cyphers, so much the better. Link to it and save some typing.
20+ years ago, the cryptographic community had some very reliable
pages for each algorithm category called "lounges", each maintained
by an expert in the field.  Pages like "the hash function lounge" by
P. Barreto (Now gone, used to be at
http://www.larc.usp.br/~pbarreto/hflounge.html )

Back then, the world was in a phase of algorithm transitions due to
the introduction of 128 bit block ciphers by the AES competition.
   Nowadays, the biggest transition is the need to think about
quantum attacks on stored files, such as intercepted GPG-encrypted
mails.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the Gnupg-users mailing list