summaryrefslogtreecommitdiff
path: root/repo/gnupg/0320-gpg-default-to-aes256.patch
blob: 2d9a90fe37516c4e6e8f2617e03c6fdde24f546b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 7 Sep 2017 19:04:00 -0400
Subject: gpg: default to AES-256.

* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.

--

It's 2017, and pretty much everyone has AES-256 available.  Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive).  AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa)
---
 g10/main.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/from-master/gpg-default-to-AES-256.patch

diff --git a/g10/main.h b/g10/main.h
index 68360e2..1983e42 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -31,7 +31,9 @@
    (i.e. uncompressed) rather than 1 (zip).  However, the real world
    issues of speed and size come into play here. */
 
-#if GPG_USE_AES128
+#if GPG_USE_AES256
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES256
+#elif GPG_USE_AES128
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES
 #elif GPG_USE_CAST5
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5