On Thu, 16 Oct 2025 00:55:14 -0400, "Robert J. Hansen" <[email protected]> wrote:

[Attribution restored:  Internal quote is <[email protected]>.]
>> I am remotely/anonymously urging a GnuPG newbie to install gpg4win 5 beta[1] with post-quantum encryption; everyone should use PQC *yesterday*.[2]

> This is an extreme position. It is also silly. No, everyone does not need to switch immediately to PQC. If you want to play around with it, feel free: if you have really unusual requirements necessitating Kyber, go for it: but please don't think it's recommended or a best practice. It's neither.

> NSA [...says...]

Silently, catastrophically breaching long-term security for people who don’t even understand the threat models for retrospective decryption is *cryptographic malpractice*. Fortunately, the most widely-used FOSS is now more or less on the ball with the current best practice of PQC; for a few examples:

* GnuPG: Stable, usable hybrid PQ encryption from v2.5.1, released a month after the NIST standard. Good to use for more than the past year, as of this writing. Upgrade to v2.5.x *now*!

* OpenSSH: PQ encryption *by default* since *2022-04-08* (v9.0), available earlier.

* OpenSSL: Stable, usable hybrid PQ encryption in TLS from v3.5.0 LTR. Upgrade your webserver! Also, the Tor daemon opportunistically uses this (at only one of its layers of encryption) since v0.4.8.17; Tor node operators, please upgrade both Tor and OpenSSL.

* Mozilla Firefox and Google Chrome/Chromium: Both support the same hybrid PQ-encrypting TLS in all recent versions. If you don’t yet have PQC available in your browser, then you are probably using an ancient version riddled with known RCE vulns.

* Signal (much though I do not recommend the centralized, non-anonymous network, they must be praised for this): Hybrid PQ encryption since 2023. Starting almost two and a half years ago.

Do you suggest that all of these projects and their developers wasted their time? (Plus all of the TLS standardizers at IETF... plus the engineers at Cloudflare who have been pushing PQC deployment hard... plus...) It is the logical implication of your actively attempting to dissuade users from upgrading to a now-standard feature, by ridiculing upgrade advocacy as “silly” based on your interpretation of NSA-says-so.

Always,

[email protected]

--
A makeshift way to distribute my current PQ-PGP key:
https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250107/4732a382/attachment.key
01A6D81EEAD7EEEC393DEC1401F4894C154E1B8EE32E9059CA5566792A836823
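
The version thresholds listed in the message above can be checked against a host's tool banners. The following is an added example, not part of the original post or of any project it names; the banner strings in `SAMPLES` are constructed, and the minimums are taken from the post as stated. Meeting a minimum shows only that the feature is available in that release, not that a given connection or key actually uses it.

```python
import re

# Minimum versions as stated in the post above (not independently verified).
MINIMUMS = {
    "gnupg": (2, 5, 1),     # hybrid PQ encryption
    "openssh": (9, 0),      # PQ by default
    "openssl": (3, 5, 0),   # hybrid PQ encryption in TLS
    "tor": (0, 4, 8, 17),   # opportunistic use of OpenSSL's PQ TLS
}

# Where each tool prints its own version. `ssh -V` also names the OpenSSL it
# links against, so the OpenSSL pattern is anchored to the start of a line.
PATTERNS = {
    "gnupg": r"gpg \(GnuPG\) (\d+(?:\.\d+)+)",
    "openssh": r"OpenSSH_(\d+(?:\.\d+)+)",
    "openssl": r"^OpenSSL (\d+(?:\.\d+)+)",
    "tor": r"Tor version (\d+(?:\.\d+)+)",
}

def parse_version(tool, banner):
    """Return the tool's version as a tuple of ints, or None if not found."""
    m = re.search(PATTERNS[tool], banner, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def meets_minimum(tool, banner):
    """True/False against MINIMUMS, or None when the banner is unparseable."""
    found = parse_version(tool, banner)
    if found is None:
        return None
    need = MINIMUMS[tool]
    width = max(len(found), len(need))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) >= pad(need)  # numeric compare, so 8.17 > 8.9

# Constructed banners in the shape printed by `gpg --version`, `ssh -V`,
# `openssl version` and `tor --version`.
SAMPLES = {
    "gnupg": "gpg (GnuPG) 2.4.4\nlibgcrypt 1.10.3",
    "openssh": "OpenSSH_9.6p1, OpenSSL 3.0.13 30 Jan 2024",
    "openssl": "OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)",
    "tor": "Tor version 0.4.8.17.",
}

def report(banners):
    return {tool: meets_minimum(tool, text) for tool, text in banners.items()}

if __name__ == "__main__":
    for tool, ok in report(SAMPLES).items():
        print(f"{tool:8} {'ok' if ok else 'below minimum' if ok is False else 'unknown'}")
```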
