Silk Road forums

Discussion => Newbie discussion => Topic started by: Wernher on August 24, 2013, 07:41 am

Title: GnuPG gpg.conf
Post by: Wernher on August 24, 2013, 07:41 am
Does everyone think this is the right thing to have in gpg.conf? Can anyone think of any improvements? Is AES256 better than the other ciphers?

force-mdc
utf8-strings
charset utf-8
throw-keyids
no-auto-key-locate
no-emit-version
no-comments
no-greeting
no-allow-non-selfsigned-uid
ask-cert-expire
armor
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 TWOFISH AES CAST5 BZIP2 ZLIB ZIP Uncompressed
personal-cipher-preferences AES256 AES192 TWOFISH AES CAST5
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo BZIP2
bzip2-compress-level 9
compress-level 9
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-count 65011712
s2k-mode 3
Title: Re: GnuPG gpg.conf
Post by: SelfSovereignty on August 24, 2013, 08:24 am
I don't know what all of those do, but generally speaking, if you have to ask whether AES256 is better than the others, you probably shouldn't be forcing GPG to choose any specific cipher or algorithm.  In other words, I'd remove most of that.  For example:

Code:
no-greeting
always-trust
no-emit-version
armor
utf8-strings
no-comments
throw-keyids

Note that you really shouldn't use always-trust, it's kind of bad... but I don't recall exactly why.  I don't like throw-keyids, personally, but I don't encrypt anything to myself -- I know what I wrote, I don't want someone who gets their hands on my key and my passphrase to know too.
Title: Re: GnuPG gpg.conf
Post by: Wernher on August 24, 2013, 09:00 am
Thank you, SS.

Yes, I thought that forcing a specific cipher might be a bad idea, but I wanted to see what others thought. Then again, everything I've read has said TWOFISH > BLOWFISH, so there should be some selection; personal-cipher-preferences rather than cipher-algo is probably the right way to do it.

Does anyone have any reasons why a particular cipher might be stronger than the others?
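
Added example, not part of the thread: a small checker for the two gpg.conf issues raised above. GnuPG's manual warns that cipher-algo, digest-algo and compress-algo override the recipient's key preferences and can produce messages that violate OpenPGP, and always-trust (the same as trust-model always) uses keys without validity checks. The lint function and the SAMPLE config are constructed for illustration from options quoted in the posts.

```python
# Added example: flag gpg.conf options that force an algorithm or skip key
# validation, and suggest the personal-*-preferences equivalent.

# Forced option -> preference option that lets GnuPG pick an algorithm
# every recipient's key actually supports.
FORCED = {
    "cipher-algo": "personal-cipher-preferences",
    "digest-algo": "personal-digest-preferences",
    "compress-algo": "personal-compress-preferences",
}

def parse(text):
    """Yield (lineno, option, args) for each non-blank, non-comment line."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opt, *args = line.split()
        yield n, opt.lstrip("-").lower(), args

def lint(text):
    """Return a list of (lineno, option, suggested fix)."""
    entries = list(parse(text))
    present = {opt for _, opt, _ in entries}
    findings = []
    for n, opt, args in entries:
        if opt in FORCED:
            pref = FORCED[opt]
            fix = (f"remove it; {pref} is already set" if pref in present
                   else f"replace with: {pref} {' '.join(args)}")
            findings.append((n, opt, fix))
        elif opt == "always-trust" or (opt == "trust-model" and args[:1] == ["always"]):
            findings.append((n, opt, "remove it; keys are used without validity checks"))
    return findings

# Constructed sample built from options quoted in the posts above.
SAMPLE = """\
no-greeting
always-trust
personal-cipher-preferences AES256 AES192 TWOFISH AES CAST5
cipher-algo AES256
digest-algo SHA512
compress-algo BZIP2
s2k-cipher-algo AES256
"""

if __name__ == "__main__":
    for n, opt, fix in lint(SAMPLE):
        print(f"line {n}: {opt}: {fix}")
```

The s2k-* options are not flagged because they only affect passphrase-based (symmetric) protection on the local side, not negotiation with a recipient's key.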