Yes, everyone should upgrade to PQ encryption now. (Re: gpg4win expired code signing cert; please renew.)

Robert J. Hansen rjh at sixdemonbag.org
Thu Oct 16 23:38:06 CEST 2025


> “...to *their* enemies...”  What if NSA is an adversary in your
> threat model?

Let me share with you one of the unclassified secrets of NSA's
cryptographic section, as told to me by one of their instructors: they
always assume the other guy has better mathematicians, better computers,
and more money.

If they believe "okay, against an adversary with better mathematicians,
better computers, and more money, we still believe RSA-3072 will give
sufficient protection to our communications until 2055," then the only
conclusion I can draw is NSA doesn't think they'll be able to break it
either.

> In troubled times, why not have the long-term peace of mind of a
> free upgrade of your FOSS encryption software, including GnuPG
> 2.5.x?

Excellent question, and you'll note that just recently I urged someone
to migrate from 1.4 to the new 2.6 series (of which 2.5.12 is, I think,
the official beginning).

I'm not opposed to migration. I'm opposed to doing it badly.

> As for blindly trusting NSA advice generally, sorry but I’m not

Good. Blind trust is bad. So is blind *dis*trust. The trick is, in the
words of Sage Francis, "a healthy distrust".

