What is the most robust available algo for GPG symmetric encryption (given as argument of --cipher-algo
)?
Possible ciphers:
- IDEA
- 3DES
- CAST5
- BLOWFISH
- AES
- AES192
- AES256
- TWOFISH
- CAMELLIA128
- CAMELLIA192
- CAMELLIA256
What is the most robust available algo for GPG symmetric encryption (given as argument of --cipher-algo
)?
Possible ciphers:
Use AES-256
(because it stops people from lecturing you about quantum computers).
If you don't have particular (performance) requirements in mind, 256-bit AES is a good and safe choice. But that doesn't mean there are practical attacks against the other ciphers. Ultimately, it's a matter of personal preference since nobody can predict which theoretical observations might work as practical attacks in the future.
In fact, you can also safely use AES-128, which is about 30% faster. There is a bit of a disagreement whether it's worth switching from AES-128 to AES-256: Doubling the key size doesn't prevent any current attacks because searching the key space is not practical either way. However, the difference becomes important when at some point in the future quantum computers might be able to execute Grover's algorithm which effectively halves the key size and hence could make brute-force attacks against AES-128 feasible. But that's a theoretical future scenario. The article "Guess why we're moving to 256-bit AES keys" is a good read on AES key sizes.
Similar to @SteffenUllrich I'm comfortable with the AES family because due to its status as a NIST standard, AES has been studied extensively and it has been around for quite a while without anyone having published any concerning weaknesses.
The GnuPG FAQ has an opinion, too:
11.10 What are the best algorithms in GnuPG?
MD5 and SHA-1 should be avoided if possible, and for bulk encryption it’s best to use Camellia, Twofish, or AES. Beyond that guidance there is no “best algorithm” in GnuPG. It’s sort of like asking whether Godzilla or King Kong is better at terrorizing urban cities: there is no clear-cut winner.
This is not to say you shouldn’t have preferences, though. It is only to say that GnuPG’s algorithms are so well-designed for what they do that there is no single “best”. There’s just a lot of personal, subjective choice.
You should use one of the AES variants, because it's the most common modern cipher by far, and as such:
GnuPG version 2.1 uses AES (128 bit key) as the default, so if you have that version you don't need to tweak the default at all. Older versions default to CAST5, but if they support AES it is worthwhile to override that default. (Neglecting to do so shouldn't be a cause for alarm, however.)
Now, to go over the other alternatives: