[pkg-gnupg-maint] diverging from upstream defaults

[Werner Koch]

On Fri,  8 Sep 2017 02:04, dkg at fifthhorseman.net said:

>>  * default RSA key size: 2048 → 3072
>>  
>>  * default cipher algorithm: AES128 → AES256
>>
>>  * default signature digest: SHA256 → SHA512
>>  
>>  * digests in default personal-digest-preferences  : SHA-256,SHA-384,SHA-512,SHA-224,SHA-1 → SHA-512,SHA-384,SHA-256,SHA-224,SHA-1
>>
>>  * default s2k duration (calibrated by agent): 100ms → 300ms
>
>
> I didn't need to do this one, because upstream has already done it, yay!:

Nope, we only swapped the AES variants:

#define DEFAULT_STD_KEY_PARAM  "rsa2048/cert,sign+rsa2048/encr"
#define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"

	    if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES256) )
	      strcat(dummy_string,"S9 ");
	    if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES192) )
	      strcat(dummy_string,"S8 ");
	    if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) )
	      strcat(dummy_string,"S7 ");

            /* The default hash algo order is:
                 SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.

        log_info ("S2K calibration: %lu -> %lums\n", count, ms);
      if (ms > 100)
        break;



Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170908/e9ded2a0/attachment.sig>