[acqq]

> they aren't going to get your files compromised.

The default encryption is CAST5 which is a 64-bit block size cipher (even if it is confusingly called "CAST-128").

The default password derivation is using SHA1.

That's the reason people change the defaults. If you like them, you're of course free to use them or recommend them to your clients. Good luck. Of course I'd also like to read your explanation how you can consider 64-bits "secure enough" today (or for what you consider them secure enough). Also your estimate of how expensive would be to brute force shorter passwords for the traditionally small number of default rounds of SHA1. Thanks.

[tptacek]

Neither of those two things matter very much for file encryption. The short block size, for instance, is a very big deal with online encryption, but not a dealbreaker for offline encryption.

[acqq]

> The short block size ... not a dealbreaker for offline encryption.

Which scenarios do you assume to be valid for offline encryption which don't make short block sizes problematic?

Why is poor password handling not a problem under these scenarios?

[tptacek]

Neither gpg2 nor gpg1's defaults make short passwords safe; really, though, with a single targeted password, your passphrase needs to be extreme no matter what settings you use.

I'm not sure why an 8 byte block would materially impact file encryption. The kinds of attacks where short blocks come in handy are all online, CCA-style attacks. You might worry about things like CTR counter block sizes, but, again, not an issue for GPG1's defaults.

I'm not saying they're good settings. And: in particular, if you used them to encrypt something like session cookies, you could have serious vulnerabilities. But like I said: it's easy to encrypt files, and some things that are survivable for files aren't for other applications.