I hope this patch is acceptable in something like its present form. If
so, I'll write up the documentation updates as well. (But I suspect it
may spark some discussion.)
It updates some rather outdated defaults hard-wired into GnuPG:
- Default cipher algorithm: CAST5 -> AES256
- Default digest algorithm: SHA1 -> SHA512
- Default S2K hash algorithm: SHA1 -> SHA256
- Default S2K iterations: 255 (this takes about 400ms in E2E, not
sure about GnuPG timing)
- Modification detection codes always used.
- Slightly increased default RSA key-size to better match RSA
- Display long key IDs by default. (Would a default of showing
fingerprints be acceptable to folks?)
- (Try to) never fall back to MD5, SHA1, or RIPEMD160 unless the user
explicitly requests the use of one of these algorithms.