Yes, everyone should upgrade to PQ encryption now. (Re: gpg4win expired code signing cert; please renew.)
have at anonymous.sex
Thu Oct 16 21:26:12 CEST 2025
On Thu, 16 Oct 2025 00:55:14 -0400, "Robert J. Hansen"
<rjh at sixdemonbag.org> wrote:
[Attribution restored: Internal quote is <have at anonymous.sex>.]
>>I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5
>>beta[1] with post-quantum encryption; everyone should use PQC
>>*yesterday*.[2]
>
>This is an extreme position. It is also silly. No, everyone does not
>need to switch immediately to PQC. If you want to play around with it,
>feel free: if you have really unusual requirements necessitating Kyber,
>go for it: but please don't think it's recommended or a best practice.
>It's neither.
>
>NSA [...says...]
Silently, catastrophically breaching long-term security for people who
don’t even understand the threat models for retrospective decryption is
*cryptographic malpractice*. Fortunately, the most widely-used FOSS is
now more or less on the ball with the current best practice of PQC; for
a few examples:
* GnuPG: Stable, usable hybrid PQ encryption from v2.5.1, released a
month after the NIST standard. Good to use for more than the past
year, as of this writing. Upgrade to v2.5.x *now*!
* OpenSSH: PQ encryption *by default* since *2022-04-08* (v9.0),
available earlier.
* OpenSSL: Stable, usable hybrid PQ encryption in TLS from v3.5.0 LTR.
Upgrade your webserver! Also, the Tor daemon opportunistically uses
this (at only one of its layers of encryption) since v0.4.8.17; Tor node
operators, please upgrade both Tor and OpenSSL.
* Mozilla Firefox and Google Chrome/Chromium: Both support the same
hybrid PQ-encrypting TLS in all recent versions. If you don’t yet have
PQC available in your browser, then you are probably using an ancient
version riddled with known RCE vulns.
* Signal (much though I do not recommend the centralized, non-anonymous
network, they must be praised for this): Hybrid PQ encryption since
2023. Starting almost two and a half years ago.
Do you suggest that all of these projects and their developers wasted
their time? (Plus all of the TLS standardizers at IETF... plus the
engineers at Cloudflare who have been pushing PQC deployment hard...
plus...) It is the logical implication of your actively attempting to
dissuade users from upgrading to a now-standard feature, by ridiculing
upgrade advocacy as “silly” based on your interpretation of NSA-says-so.
Always,
have at anonymous.sex
--
A makeshift way to distribute my current PQ-PGP key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823