> I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5 beta[1] with post-quantum encryption; everyone should use PQC *yesterday*.[2]
This is an extreme position. It is also silly. No, everyone does not need to switch immediately to PQC. If you want to play around with it, feel free: if you have really unusual requirements necessitating Kyber, go for it: but please don't think it's recommended or a best practice. It's neither.
NSA isn't requiring their vendors to switch away from RSA-3072 for TOP SECRET data until 2030.[1] Given the default period of classification for TOP SECRET is 25 years, we can conclude NSA believes RSA-3072 will be suitable for protecting TOP SECRET data until 2055.

People who need beyond-30-year security do exist, and they would be well-served to adopt PQC now. People who need to protect data of comparable value to national security secrets should prepare to migrate to PQC within the next few years. Everybody else is well-served by remaining still and not panicking. The sky is not falling, no matter what some people may say.

As the (out-of-date, but still relevant here) FAQ says, "Almost every question in either the fields of computer security or cryptography can honestly be answered with, 'it depends.' Real experts will avoid giving blanket yes-or-no answers except to the simplest and most routine of questions. They will instead hem and haw and explain the several different factors that must be weighed."[2]

[1] Technically, different communication requirements have different switch-by dates. The earliest ones occur in 2030, the latest occur in 2033. When the switch-by date occurs, legacy CNSA-1.0 algorithms like RSA-3072 must be phased out in favor of quantum-resistant alternatives like ML-KEM (formerly called "Kyber") and ML-DSA (formerly called "Dilithium"). See, e.g.:
https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS.PDF

[2] https://gnupg.org/faq/gnupg-faq.html , section 4.2
_______________________________________________
Gnupg-users mailing list
https://lists.gnupg.org/mailman/listinfo/gnupg-users
