There is no such thing as "the best key."
All choices have consequences and tradeoffs. You might feel more comfortable with a 4096-bit RSA key, but the person you're sending email to might be trying to read it on a PDA that takes over a minute to decrypt each message. You might decide to use SHA-1 because it's supported by every OpenPGP user, but SHA-1 has serious mathematical flaws (practical collisions have been demonstrated) and does not offer long-term security.
Finding precisely the optimal set of consequences and tradeoffs is a very subtle thing. The perfect set for you will probably not be the same for anyone else.
The Internet Engineering Task Force OpenPGP Working Group (usually just "the WG") has spent over a decade looking at which choices offer an excellent balance of speed, safety, and compatibility for the vast majority of users. Their opinions have evolved over time to take into account the technology and threats of the day. They are staying on top of things.
GnuPG implements the WG's recommendations. (This is pretty easy for them, given they're active participants in the WG.)
Therefore, the best advice we can give is to use GnuPG's defaults. They are not perfect, because no two people have the same definition of perfection. However, the defaults are excellent for the overwhelming majority of users.
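The practical consequence of "use the defaults" is: do not pin algorithms in your gpg.conf unless you have a specific reason. The script below is an added example, not code from the GnuPG FAQ or the GnuPG project; it audits a gpg.conf for options that override GnuPG's algorithm selection and flags any that name SHA-1 or MD5. The option names are real gpg options; the sample configuration is constructed for this example, and the hypothetical helpers audit_gpg_conf and normalize_algo are not part of GnuPG.

```python
"""Audit a gpg.conf for options that override GnuPG's algorithm defaults.

Added example, not code from the GnuPG FAQ or the GnuPG project.
The option names below are real gpg options; the sample config and the
helper functions are constructed for this example.
"""

# Constructed sample gpg.conf (hypothetical, not a real user's file).
SAMPLE_GPG_CONF = """\
# personal gpg.conf
keyserver hkps://keys.openpgp.org
digest-algo SHA1
cert-digest-algo SHA512
personal-cipher-preferences AES256 AES192 AES
s2k-digest-algo H2
default-key 0xDEADBEEF
"""

# Real gpg options that pin an algorithm instead of letting GnuPG pick
# from its defaults and the recipient's key preferences.
ALGO_OVERRIDE_OPTIONS = {
    "digest-algo", "cipher-algo", "compress-algo", "cert-digest-algo",
    "s2k-digest-algo", "s2k-cipher-algo",
    "personal-digest-preferences", "personal-cipher-preferences",
    "personal-compress-preferences", "default-preference-list",
}

# gpg also accepts OpenPGP numeric hash ids (RFC 4880 section 9.4):
# 1 = MD5, 2 = SHA-1. Both are the digests this page warns against.
NUMERIC_HASH_IDS = {"H1": "MD5", "H2": "SHA1"}
WEAK_DIGESTS = {"MD5", "SHA1"}


def normalize_algo(name):
    """Map spellings such as 'sha-1', 'SHA1' and 'H2' to one form ('SHA1')."""
    n = name.upper().replace("-", "")
    return NUMERIC_HASH_IDS.get(n, n)


def parse_gpg_conf(text):
    """Yield (option, value) pairs.

    gpg.conf holds one long option per line without the leading '--';
    lines whose first non-blank character is '#' are comments.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opt = parts[0].lower()
        val = parts[1].strip() if len(parts) > 1 else ""
        yield opt, val


def audit_gpg_conf(text):
    """Return one finding per algorithm-overriding option.

    severity is 'weak' when the value names SHA-1 or MD5, otherwise
    'override' (the setting departs from GnuPG's defaults but is not
    itself a known-weak choice).
    """
    findings = []
    for opt, val in parse_gpg_conf(text):
        if opt not in ALGO_OVERRIDE_OPTIONS:
            continue
        algos = [normalize_algo(a) for a in val.split()]
        weak = [a for a in algos if a in WEAK_DIGESTS]
        findings.append({
            "option": opt,
            "value": val,
            "severity": "weak" if weak else "override",
            "weak_algos": weak,
        })
    return findings


def main():
    for f in audit_gpg_conf(SAMPLE_GPG_CONF):
        print(f"[{f['severity']}] {f['option']} {f['value']}")


if __name__ == "__main__":
    main()
```

Run it against ~/.gnupg/gpg.conf by reading that file into audit_gpg_conf instead of the constructed sample. An "override" finding is not automatically a problem, but it is exactly the kind of line this section says most users should not have; a "weak" finding is the SHA-1 case the section describes.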
