GPG's vulnerability to quantum cryptography

Robert J. Hansen rjh at sixdemonbag.org
Fri Jul 4 20:02:06 CEST 2014


> Most of you don't seem worried about the possibility of 4096 qubits 
> happening (i.e., of RSA-2048 being cracked) at all before you are
> dead.

Excited, maybe.  Not worried.

> But what about younger people here in their teens, 20s or 30s? What
> am I missing?

I had an aunt that I was really close to.  She was diagnosed with
terminal, inoperable cancer in 1980 and given no more than three to five
years to live.  Two years later new oncological medicine dialed the
clock back and gave her another three to five years.  A few years after
that, it repeated.  Ultimately she died in 2005, twenty-five years after
her initial three-to-five prognosis, after outliving two of her oncologists.

She was a tough old bird.  But cancer still got her, and I'm still angry
at cancer over that.

So what you're saying is ... if huge quantum computers come to pass,
what you're worried about is your personal emails being readable by
someone who's spent the last fifty years laboriously archiving everything?

Man, I'm *welcoming* the future.  The possibility of using really large
quantum computers to efficiently do simulation of large, complex
phenomena -- like drug interactions with cancer! -- is so cool that if I
could wave a magic wand and drop computing technology from
100 years in the future on us right now, I'd do it in a heartbeat and
have a big smile on my face as I caused everyone's secrets to be exposed.

Because it would also mean we'd be a hundred years closer to curing
cancer.  A hundred years closer to curing HIV.  A hundred years closer
to being able to efficiently and quickly discover new classes of
antibiotics to fight the current drug-resistant regimes.  A hundred
years closer to...

Am I worried about the future?  Oh, heavens, no.  I'm greeting it with
my arms wide open and screaming at it, "Faster, please!"  And I think
you should, too.  I think all of us should.  Oh, yes, there will be
drawbacks to progress -- there always are -- but that cannot be a reason
for us to look at progress with anything less than awe and joyful
expectation!

> Because of this, every time I use PGP I have to ask myself: Do I care
> if people crack this after 50 years? It's cumbersome.

If you're using OpenPGP to secure things for 50+ years, you're using the
wrong tool.

PGP stands for Pretty Good Privacy.  Not perfect, and not 50+ years.
Just Pretty Good.




More information about the Gnupg-users mailing list