On 08/09/13 19:43, Simon Ward wrote:
GPG offers strong algorithms, but they are not used by default due to backwards compatibility with PGP users (that argument could well be something created by the NSA).
Enough people use GnuPG for this not to be an issue. Besides, I believe the default is now 2048-bit RSA which is more than enough for a few years, and supported by PGP. 4096-bit might make you feel comfy, but it's overkill. Much more practical to stick with the default for now, and switch to ECDSA or better in a few years when it is hopefully standardised.
The SHA1 hash is another default that appears to be retained for backwards compatibility.
As for ECDSA, some people are questioning that now because the NSA suggested specific curves that are in the RFCs:
http://infosecurity.ch/20100926/not-every-elliptic-curve-is-the-same-trough-...