On Wed, 15 Oct 2025 20:00:25 -0500, Jay Acuna <[email protected]> wrote:
On Thu, Oct 16, 2025 at 12:32 AM Robert J. Hansen via Gnupg-users
<[email protected]> wrote:
[HAS re-adds attribution: The following is from <[email protected]>.]I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5 beta[1] with post-quantum encryption; everyone should use PQC *yesterday*.[2]This is an extreme position. It is also silly. No, everyone does notI would say it is extremely well advised as soon as possible to move to hybrid the PQC algorithms. For protection against "save now decrypt later" attacks.
^^^ This. Future retrospective decryption of today’s intercepts. Most people do not understand the threat model for this.
On a not unrelated note, see also, among other things, the nuanced discussion of “The benefits-do-not-exist argument” in:
2025-01-18: “As expensive as a plane flight: Looking at some claims that quantum computers won’t work.”
https://blog.cr.yp.to/20250118-flight.htmlI do agree with Robert J. Hansen that it’s best not to (as I will put it) casually sketch a kind of handwavy *ad hoc* cryptographic protocol in a tangent that’s dragging this thread entirely off-topic, reducing S/N ratio. (I will skip that part of the discussion.)
And why bother? Real Cryptographers™ have already done the hard work for securely hybridizing the needed algorithms, and developers such as WK and the GnuPG devs have already implemented it *a year ago* (v.2.5.1 stable/forward-compatible protocol for ECC+Kyber).
Please just use their stuff. :-) Always, [email protected] -- A makeshift way to distribute my current PQ-PGP key: https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key 01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
