hhmx.de

mxey

mxey
@mxey@hachyderm.io

· Föderation EN Sa 01.03.2025 15:36:14

@scy i wouldn’t categorize OpenPGP as worthwhile crypto latacora.com/blog/2019/07/16/t

It’s nowhere close to what Signal does

0x   1   0x

Stephan Neuhaus

Stephan Neuhaus
@sten@chaos.social

Föderation EN Sa 01.03.2025 16:47:53

@mxey @scy I was about to write just about the same. I'm sure that PGP (any variety) *can* be used securely, but it's just too damn hard.

The "packet" format is so useless that you could have sign-then-encrypt or encrypt-then-sign and never know which.

When last I looked (which is admittedly some time ago), PGP still supported many many now dangerously obsolete algorithms. I understand why they do that, but it's certainly not an endorsement to use it as the crypto layer for a new messenger.

0x   1   0x

mxey

mxey
@mxey@hachyderm.io

Föderation EN Sa 01.03.2025 17:16:47

@sten @scy PGP also by design cannot have perfect forward secrecy

0x   1   0x

Stephan Neuhaus

Stephan Neuhaus
@sten@chaos.social

Föderation EN Sa 01.03.2025 17:44:05

@mxey @scy PGP has so many options that I'm loath to support this statement with any kind of confidence. But in its normal use case (some hybrid encryption scheme that uses both sides' long-lived keys), that's certainly true.

0x   0   0x