What to Use Instead of PGP
Every time someone brings up PGP issues, it's always something to do with the usability rather than blaming the protocol itself. If people are too reckless, no matter what protocol you use, it will always be insecure in that sense.
Security experts don’t consider this a valid excuse anymore. The first task was making encryption primitives that are secure when used perfectly— it took a while, but we’ve pretty much done that: nobody expects a serious break in e.g. AES any time soon. But the next task after that is making crypto systems that are free of footguns and as hard as possible to misuse, especially when wrapped in layers of libraries, which in practice they always are.
This is what’s phasing out RSA, for example— it is possible to use RSA in a completely secure way, but it’s very easy to get it wrong and it can fail catastrophically when you do. PGP has the same problem: yes, it can be used securely, but that’s not sufficient in 2024.
> PGP has the same problem: yes, it can be used securely, but that’s not sufficient in 2024.
Does that justify saying "it sucks shit", though? Especially considering that it was written in 1991, and not in 2024?
I feel like I don't regularly read blog posts from aerospace engineers that sound like "The Apollo mission sucked shit. Those morons had no idea what they were doing. We younger aerospace engineers who have not had a fraction of the impact Apollo did have been saying it for years: use our new stuff because we are the smart ones".
> Note: I’m deliberately being blunt in this post because literally more than a decade of softspokenness from cryptography experts has done nothing to talk users off the PGP cliff. Being direct seems more effective than being tactful.
I hate PGP, too. However, I’ve spent money on five YubiKeys and several months of tinkering to make them somewhat work on Linux and WSL. I use them to sign my commits and Debian packages I build.
If your goal is to convince me to throw *all of this* away and sink another shitload of money into an alternative and re-do months of tinkering to make it actually work, then being deliberately blunt and condescending is not going to help your case.
OK. So, it is not just me who finds this article condescending...
Now, I believe your article is not totally futile, as it's not. But....
I would definitely drop the condescending tone too, and give examples with details as to why, with comparisons. If you did, I did not get there, again, because of the tone.
Isn't this sunk cost fallacy?
It would be if PGP was not secure. But used properly, it is actually secure.
Condescending people saying "it sucks shit, I'm 10x smarter than the author of PGP" usually say that the UX of PGP is hard, which makes it prone to errors.
I have security keys and I use PGP. Unless someone can teach me why it's not good enough for me (and "it's too hard to use" doesn't convince me, given that I actually use it fine), I won't spend hours learning how to use the new cool tools of those condescending people, just for the sake of it.
> Now, there exists a minority of extremely technical computer user for which Signal is a nonstarter (because you need a smartphone and valid phone number to enroll in the first place).
> there presently isn’t really a good recommendation for private messaging that meets their constraints.
You don't need a phone number or a phone for https://haven.xx.network and there are others.
If nothing is recommended, fine, but it's simplistic to not recommend or even consider the 3-4 apps that don't have those limitations. If you didn't have time to investigate or couldn't find anything else, say so.
> If nothing is recommended, fine
You could've ended your sentence there.
Just because other apps don't have those limitations doesn't mean they also offer comparable cryptographic security.
Haven appears to be a blockchain project, built with Next.js, and doesn't appear to implement any cryptography.
If it isn't end-to-end encrypted, it's not in the same league.
For emails, there's Autocrypt, which works great. You don't have to deal with managing keys anymore.
Use libsodium directly, like this[1].
I don't understand the issue with encrypted emails. Is Proton Mail not secure?
"Is _____ not secure?"
What. is. your. threat. model?
I genuinely wonder for ProtonMail (and anything web-based, really): isn't it a fact that if I use ProtonMail, my browser will download and execute a client every time? In the sense that I don't actually know what code my client is running. ProtonMail could totally decide to serve me a client that actually leaks data, and I would not know it unless I somehow save and audit the client every. single. time.
If I use e.g. Signal, I can of course build it from sources I trust, or download it from the Play Store and trust that Google won't send me a modified version of it (at least it seems less likely and harder to pull).
Am I wrong in considering that web-based clients cannot really be considered secure?
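The "save and audit the client every single time" worry above can at least be mechanised for the "did the served code change?" half. The following is an added example, not code from the thread or from Proton, Signal or any other project mentioned: it computes the same `sha256-<base64>` integrity string that browser Subresource Integrity uses, pins it on first sight, and reports when a later fetch of the same URL serves different bytes. The URL, the bundle contents and the in-memory pin store are all constructed placeholders so the script runs offline; a real deployment would fetch the bundle and persist the pins.

```python
"""Pin-and-compare check for a web-delivered client bundle (added example).

Mirrors the browser's Subresource Integrity format ("sha256-<base64 digest>").
A pin only tells you that the served code changed, not whether the change was
a legitimate release; deciding that still needs a human or a signed manifest,
which is exactly the gap the comment above points at.
"""
import base64
import hashlib
import hmac
import json
from pathlib import Path
from typing import Dict, Optional

# SRI accepts only these digest algorithms; anything else is rejected outright.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_digest(bundle: bytes, algo: str = "sha256") -> str:
    """Return the SRI-style integrity string for a bundle, e.g. 'sha256-...'."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, bundle).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(bundle: bytes, integrity: str) -> bool:
    """Verify a bundle against an integrity string the way a browser would.

    Unknown algorithms or malformed strings fail closed (return False) rather
    than being treated as "no pin, so anything goes".
    """
    algo, _, expected = integrity.partition("-")
    if algo not in SRI_ALGORITHMS or not expected:
        return False
    actual = sri_digest(bundle, algo)
    # Constant-time compare; both strings are ASCII so compare_digest accepts them.
    return hmac.compare_digest(actual, integrity)


class PinStore:
    """Map of URL -> integrity string, optionally persisted as a JSON file."""

    def __init__(self, path: Optional[Path] = None):
        self.path = path
        self.pins: Dict[str, str] = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2))

    def check(self, url: str, bundle: bytes) -> str:
        """Classify a fetch as 'new', 'unchanged' or 'CHANGED' and pin new URLs."""
        pinned = self.pins.get(url)
        if pinned is None:
            self.pins[url] = sri_digest(bundle)
            self._save()
            return "new"
        return "unchanged" if sri_matches(bundle, pinned) else "CHANGED"


# Constructed sample "bundles" standing in for what a webmail host would serve.
CLIENT_V1 = b"// constructed sample bundle\nfunction decrypt(m) { /* ... */ }\n"
CLIENT_V1_MODIFIED = CLIENT_V1 + b"/* constructed one-line change */\n"


def demo() -> list:
    """Run three simulated fetches of the same placeholder URL and return the verdicts."""
    store = PinStore()  # in-memory for the demo; pass a Path to persist pins
    url = "https://mail.example.invalid/app.js"  # placeholder, not a real host
    return [
        store.check(url, CLIENT_V1),           # first sight: pinned
        store.check(url, CLIENT_V1),           # same bytes: unchanged
        store.check(url, CLIENT_V1_MODIFIED),  # different bytes: flagged
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Running it prints `new`, `unchanged`, `CHANGED`. Note what the check does not do: because the same server supplies both the HTML and the script, a first-party site can simply update the pin it publishes, so browser-side SRI protects against a tampered CDN, not against the application host itself; a locally kept pin like the one above at least makes such a change visible to the user.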
Assuming full security, on Signal someone can also copy and paste my message, just as on Proton Mail they can forward it. I don't see any difference.
From the article:
> Finally, miss me with the “but someone can screenshot Signal” genre of objections.
> As Latacora noted, people accidentally fuck up PGP all the time! It’s very easy to do.
> Conversely, you have to deliberately leak something from Signal.
Ok. I read it without paying attention. Sorry. I got lost in the translation.
Do cryptographers really have to keep saying things like "PGP sucks shit" and give the impression that the author was completely stupid?
The author wrote this in 1991 and humbly called it "pretty good privacy". 30 years later, kids say "it sucks shit" and call their stuff "actually good encryption", hinting that they believe they are so much better than the PGP author more than 3 decades ago.
I don't know, can we show some respect, or is it too much to ask?
The blog post did not attack the people that created it in 1991. It criticizes what we have today.
What we have today is a mess of legacy cruft that is still heavily evangelized by people that don't know better.
Enough with tradition. Enough with reverence for the past. What matters more is what's the better solution. If we continue to insist on this veneer of "respect", it will just make the PGP evangelists think they're in the right.
> It criticizes what we have today.
I understand that. But the tone does feel very condescending to me. And this article is not isolated in that sense.
Let me just give one example from another article of this blog:
> But before I do, a quick reminder that me criticizing XMPP+OMEMO isn’t an endorsement of weird or stupid alternatives, like using PGP.
I don't know, if I was the PGP author, it would not make me feel good.
The PGP author doesn't read furry blogs.