From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 7 Sep 2017 23:04:00 +0000 (-0400)
Subject: gpg: default to AES-256.
X-Git-Tag: archive/raspbian/2.2.10-2+rpi1^2~13
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3bbdcf5cfee5f274fb83c9e41f977341b952c7c5;p=gnupg2.git

gpg: default to AES-256.

* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.

--

It's 2017, and pretty much everyone has AES-256 available.  Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive).  AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa)

Gbp-Pq: Topic from-master
Gbp-Pq: Name gpg-default-to-AES-256.patch
---

diff --git a/g10/main.h b/g10/main.h
index 389a557..6f93de9 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -31,7 +31,9 @@
    (i.e. uncompressed) rather than 1 (zip).  However, the real world
    issues of speed and size come into play here. */
 
-#if GPG_USE_AES128
+#if GPG_USE_AES256
+# define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES256
+#elif GPG_USE_AES128
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_AES
 #elif GPG_USE_CAST5
 # define DEFAULT_CIPHER_ALGO     CIPHER_ALGO_CAST5