summaryrefslogtreecommitdiffstats
path: root/debian/patches/from-master/gpg-default-to-AES-256.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/from-master/gpg-default-to-AES-256.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/debian/patches/from-master/gpg-default-to-AES-256.patch b/debian/patches/from-master/gpg-default-to-AES-256.patch
new file mode 100644
index 0000000..d131f6a
--- /dev/null
+++ b/debian/patches/from-master/gpg-default-to-AES-256.patch
@@ -0,0 +1,35 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Thu, 7 Sep 2017 19:04:00 -0400
+Subject: gpg: default to AES-256.
+
+* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
+
+--
+
+It's 2017, and pretty much everyone has AES-256 available. Symmetric
+crypto is also rarely the bottleneck (asymmetric crypto is much more
+expensive). AES-256 provides some level of protection against
+large-scale decryption efforts, and longer key lengths provide a hedge
+against unforseen cryptanalysis.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa)
+---
+ g10/main.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/g10/main.h b/g10/main.h
+index 68360e2..1983e42 100644
+--- a/g10/main.h
++++ b/g10/main.h
+@@ -31,7 +31,9 @@
+ (i.e. uncompressed) rather than 1 (zip). However, the real world
+ issues of speed and size come into play here. */
+
+-#if GPG_USE_AES128
++#if GPG_USE_AES256
++# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES256
++#elif GPG_USE_AES128
+ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES
+ #elif GPG_USE_CAST5
+ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5