【Ξnigmatico】:misskey: on Nostr: LisPi I think this article explains my point pretty well. ...
LisPi (nprofile…2mzm) I think this article explains my point pretty well.
https://articles.59.ca/doku.php?id=pgpfan:tpp
PGP still works and a lot of the problems they found were attributed to a bad usage by the client rather than PGP itself. PGP is still secure, and while it bothers many people to have to keep track of keys and stuff, mathematical algorithms don't "age" like people wants to assume. To which I quote from the blog article I just posted:
" The entire rant is basically about how OpenPGP is old and therefore bad and how new things, sometimes only vaguely defined, are good. So let's address this first.
If someone, while trying to sell you some high security mechanical system, told you that the system had remained unbreached for the last 20 years you would take that as a compelling argument. You would be unlikely to demand a newer design. Normally old designs that have stood the test of time are valued. Cryptography is based on mathematical/logical principles. Such principles don't age out on any sort of a schedule and are valued in some cases for thousands of years.
So the rant is contending something that goes against conventional expectations. Normally that would require some evidence and/or a good argument. The rant provides neither."
As for the blog article two people already linked me (soatok), while I don't want to imply the person who wrote this is bad at what they do, I think they have a case of "appeal to authority" by "the authority is me who works as a security researcher" while at the same time claiming that something is memory safe just because it's made in Rust (which is BS) and continuing making arguments about how PGP is bad because it's old and it's complicated while at the same time recommending a lot of different stuff for every single use case. This is the "I know better" kind of person, which is not an authority to me.
https://articles.59.ca/doku.php?id=pgpfan:tpp
PGP still works and a lot of the problems they found were attributed to a bad usage by the client rather than PGP itself. PGP is still secure, and while it bothers many people to have to keep track of keys and stuff, mathematical algorithms don't "age" like people wants to assume. To which I quote from the blog article I just posted:
" The entire rant is basically about how OpenPGP is old and therefore bad and how new things, sometimes only vaguely defined, are good. So let's address this first.
If someone, while trying to sell you some high security mechanical system, told you that the system had remained unbreached for the last 20 years you would take that as a compelling argument. You would be unlikely to demand a newer design. Normally old designs that have stood the test of time are valued. Cryptography is based on mathematical/logical principles. Such principles don't age out on any sort of a schedule and are valued in some cases for thousands of years.
So the rant is contending something that goes against conventional expectations. Normally that would require some evidence and/or a good argument. The rant provides neither."
As for the blog article two people already linked me (soatok), while I don't want to imply the person who wrote this is bad at what they do, I think they have a case of "appeal to authority" by "the authority is me who works as a security researcher" while at the same time claiming that something is memory safe just because it's made in Rust (which is BS) and continuing making arguments about how PGP is bad because it's old and it's complicated while at the same time recommending a lot of different stuff for every single use case. This is the "I know better" kind of person, which is not an authority to me.