GPG's vulnerability to quantum cryptography

Peter Lebbing peter at
Mon Jul 7 11:50:30 CEST 2014

On 06/07/14 16:25, Johan Wevers wrote:
> I don't see the relation between these two.

I agree.

This conversation is still a mystery to me.

"The Fuzzy Whirlpool Thunderstorm", it seems to me you advocate revoking
an encryption key, or letting it expire, when you suspect the key could
be cracked by an adversary.

This does not help at all for anything already encrypted to that key, it
only prevents people (who have fetched the revocation) to encrypt any
new data to that key. Any old data can still be decrypted by your
adversary, who has computed your private key.

The method works reasonably well for signature keys, apart from the fact
that your adversary can still fake a signature in the past, when your
signature key was still valid. Also, your correspondents still need to
fetch the revocation before they realise new signatures are invalid.

Could you explain what you mean? I'm really getting the impression we're
talking about cracking an encryption key, and I don't see how revoking
such a key would help significantly for that.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list