gpg4win expired code signing cert; please renew.
Robert J. Hansen
rjh at sixdemonbag.org
Thu Oct 16 13:36:12 CEST 2025
> You don't get to say that, unless you can provide an actual
> explanation about how nested message encryption using independent
> keys and unrelated algorithms is less secure than both the RSA/EC-
> based method AND the PQC method. Please go ahead and do so.

"Do the algorithms form a group?"

There, done. If this doesn't make sense to you, you need to study an
area of mathematics called group theory. It is extraordinarily important
to cryptanalysis.

I feel bad about telling someone, "I'm sorry, but you need an
undergraduate mathematics degree to understand why you're wrong," so
I'll try to explain using a simplification: what do you get if you apply
ROT13 encryption twice?

Layering isn't automatically a good idea. The reason why is, at root,
because every ROT algorithm forms a mathematical group.

The fact the algorithms are different doesn't matter. The question isn't
about *how they're coded* (algorithmic analysis), but *what the
underlying mathematical structure* is. And if you want to look at
underlying mathematical structure, group theory is a great place to start.

> If you can, then you have also proven that both message encryption
> options are deficient.

I'm afraid you don't understand: the onus is not on him to prove it's
insecure -- it's on you to prove it *is* secure.

Start by rigorously answering the question, "do these layered algorithms
form a mathematical group?"

> This is not DES. DES is a weak cryptographic primitive.

No, it is not. DES is overbuilt like a Soviet worker's housing bloc. To
this day the most effective way to attack DES is via keyspace
exhaustion. It still holds up quite well as an example of excellent design.

Do not confuse "its keyspace and blocksize are insufficient for today's
needs" with "DES is not worthy of serious study".

> You are making an assumption about whom quantum cryptanalysis will
> eventually be available to.

NSA isn't expecting it'll be available to their enemies until 2055. Add
fifteen years to that and you're projecting out to 2070.

I'm not worried.
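
The ROT13 simplification in the message above, worked through as an added example (not code from the post or from GnuPG): it composes every pair of ROT keys and counts the distinct two-layer mappings, then runs the same closure check on a small keyword-substitution family that is constructed here purely as a contrast case. All function and variable names are assumptions of this example.

```python
from itertools import product
import string

ALPHABET = string.ascii_uppercase

def rot_table(k):
    """Substitution table for ROT-k: plaintext index i maps to table[i]."""
    return tuple((i + k) % 26 for i in range(26))

def keyword_table(keyword):
    """Keyword substitution alphabet (constructed contrast case, not from the post)."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch not in seen:
            seen.append(ch)
    return tuple(ALPHABET.index(ch) for ch in seen)

def compose(inner, outer):
    """Table for encrypting with `inner` first, then with `outer`."""
    return tuple(outer[inner[i]] for i in range(26))

def layering_report(family):
    """Return (single-layer keys, distinct two-layer mappings, closed under composition)."""
    single = set(family)
    double = {compose(a, b) for a, b in product(family, repeat=2)}
    return len(single), len(double), double <= single

def encrypt(table, text):
    """Apply a substitution table to A-Z; other characters pass through."""
    return "".join(ALPHABET[table[ALPHABET.index(c)]] if c in ALPHABET else c
                   for c in text)

ROT_FAMILY = [rot_table(k) for k in range(26)]
# Constructed sample keys for the contrast family.
KEYWORD_FAMILY = [keyword_table(w) for w in ("GNUPG", "LAYER", "CIPHER")]

if __name__ == "__main__":
    msg = "LAYERED MESSAGE"  # constructed sample plaintext
    print(encrypt(rot_table(13), encrypt(rot_table(13), msg)))  # ROT13 twice
    # 26 x 26 key pairs collapse to 26 mappings: layering added no keyspace.
    print("ROT:    ", layering_report(ROT_FAMILY))
    # Composites fall outside the original family, so this one is not closed.
    print("keyword:", layering_report(KEYWORD_FAMILY))
```

Failing the closure check only rules out this one way for layering to collapse; it says nothing else about whether the layered construction is secure.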