gpg4win expired code signing cert; please renew.
Jay Acuna
mysidia at gmail.com
Thu Oct 16 12:57:18 CEST 2025
On Thu, Oct 16, 2025 at 4:51 AM Andrew Gallagher via Gnupg-users
<gnupg-users at gnupg.org> wrote:
> > Email temp2.asc - PQC Hybrid layer prevents access to the temp1.asc
> Please don't roll your own encryption - this includes reinventing 3DES.
Just no. This is not rolling your own encryption.
Also; I don't see any good points there.
You don't get to say that, unless you can provide an actual explanation
about how nested message encryption using independent keys and
unrelated algorithms
is less secure than both the RSA/EC-based method AND
the PQC method. Please go ahead and do so.
If you can, then you have also proven that both message encryption
options are deficient.
> Encryption sandwiches like this never have the security properties you
> might naively think. (See 3DES...)
This is not DES. DES is a weak cryptographic primitive.
The 'gpg -e' is not a cryptographic primitive.
You can discuss the special attacks which exist against DES and how
triple-encryption with the same algorithm and same key does not equal
triple the strength. The logic is totally void in regards to "gpg -e"
> Also keep in mind that you're orders of magnitude more likely to lose
> your SSN or credit card number in a data breach than to quantum
> cryptanalysis. And the feds already know your SSN and credit card
You are making an assumption about whom quantum cryptanlysis
will eventually be available to. If it's available to 3-letter agencies
and large firms 20 years from now, then add 15 more years, and
it will likely be available to kids with a smart phone..
> number. ;-)
--
-JA
More information about the Gnupg-users
mailing list