> Quote from: eJ3k1 on July 24, 2012, 09:20 am
> Louis, I read this post of yours in the other thread.
>
> > Quote from: LouisCyphre on July 17, 2012, 07:38 am
> > I'd go further. I wouldn't trust a vendor that used a key with less than 2048-bit strength, that uses old-style key structure (signing and encrypting included in the master key with no subkeys), only supported SHA1 hashes and only used symmetric ciphers that predated AES. I also wouldn't trust anyone using BCPG (which includes everyone using IGolder) and Portable PGP 1.0.6 and earlier (I'm not yet sure about 1.0.7, but it is built with Java so being able to exploit the Java VM means being able to compromise the whole program).
>
> I use the standard GPG engine that comes with Ubuntu, and I have a 2048-bit key. Is that a good version to use? (My key is at the bottom of page 7).

It should be fine for the next few years at least. The default key sizes for GPG are good enough for most people, but never select anything lower than the defaults.

The problem with BCPG and Portable PGP 1.0.6 is that they do select lower key sizes. A Java implementation should be avoided whenever possible too.
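Added example, not part of either post: a small Python check that reads a key listing in the format of `gpg --list-keys --with-colons` and flags two of the properties named above, keys below 2048 bits and a primary key that both signs and encrypts with no subkeys. The sample listing, its key IDs and user IDs are constructed, and the function name `audit` is hypothetical; hash and cipher preferences are not checked here.

```python
MIN_BITS = 2048                  # floor named in the post above
SIZED_ALGOS = {"1", "16", "17"}  # RSA, Elgamal, DSA; the bit floor is not applied to ECC

# Constructed sample in the colon-delimited listing format (all values made up).
SAMPLE = """\
pub:u:1024:17:1111111111111111:1100000000:::u:::scESC:
uid:u::::1100000000::::Constructed Vendor A <a@example.invalid>:
sub:u:1024:16:1111111111111112:1100000000::::::e:
pub:u:2048:1:2222222222222221:1340000000:::u:::scESC:
uid:u::::1340000000::::Constructed Vendor B <b@example.invalid>:
sub:u:2048:1:2222222222222222:1340000000::::::e:
pub:u:2048:1:3333333333333331:1000000000:::u:::escESC:
uid:u::::1000000000::::Constructed Vendor C <c@example.invalid>:
"""

def audit(listing, min_bits=MIN_BITS):
    """Map each primary key ID to a list of findings (empty list = none)."""
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        # Field 3 = key length, 4 = algorithm, 5 = key ID, 12 = capabilities.
        if f[0] == "pub" and len(f) >= 12:
            current = {"parts": [(f[4], f[3], int(f[2]))], "caps": f[11], "subs": 0}
            keys[f[4]] = current
        elif f[0] == "sub" and current is not None and len(f) >= 5:
            current["parts"].append((f[4], f[3], int(f[2])))
            current["subs"] += 1
    report = {}
    for keyid, key in keys.items():
        findings = [f"{kid}: {bits}-bit key is below {min_bits}"
                    for kid, algo, bits in key["parts"]
                    if algo in SIZED_ALGOS and bits < min_bits]
        # Lowercase capability letters belong to the primary key itself;
        # uppercase letters summarise the whole key, subkeys included.
        own = {c for c in key["caps"] if c.islower()}
        if key["subs"] == 0 and {"s", "e"} <= own:
            findings.append(f"{keyid}: no subkeys, primary key both signs and encrypts")
        report[keyid] = findings
    return report

if __name__ == "__main__":
    for keyid, findings in audit(SAMPLE).items():
        print(keyid, findings if findings else "OK")
```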