GPG's vulnerability to quantum cryptography

p.h.delgado at xoxy.net
Mon May 19 16:56:18 CEST 2014


On 05/13/2014 04:03 PM, David Q. wrote:

> For this reason, what I do today is share long keys with people I know *in
> person*. We then use regular AES-256 to encrypt/decrypt our messages back
> and forth. Every 6 months we meet in person to renew our keys.

You are right, but, in my opinion, for the wrong reasons.

I agree with the poster above who is quite skeptical about quantum
computing. I do however believe that factoring a product of two large
prime numbers might either be the subject of a sudden mathematical
breakthrough, or that the solution is already known to my
adversaries but this fact has been kept secret. While this view
might be somewhat extreme, it is much more realistic than doubt about
the security of any modern, well-researched symmetric block cipher.

Public key cryptography has its place, but anybody who is
in a position to exchange a symmetric crypto key via a secure
method is well advised to avoid public key cryptography. After all,
GPG is nothing but a method to exchange a symmetric key for those
that lack the opportunity to do so via an alternative, more secure
method. Looking at the crypto primitives as the links in a
chain that breaks when the weakest link breaks, asymmetric/symmetric
hybrids (such as GPG) have three links: the public key algorithm, the
random number generator and the private key algorithm. In contrast,
symmetric-key-only systems avoid the first two of those potentially
weak links altogether.

delgado
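The "chain of links" argument in the message above, as an added example that is not part of the original post and is not GnuPG code: the three links of a hybrid scheme (public-key wrap, session-key RNG, symmetric cipher) are modelled as separate functions, and the example goes one step beyond the text by showing what happens when the middle link fails, namely that a session key drawn from a PRNG seeded with only 16 bits of entropy is recovered by exhaustive search without touching the public-key part at all. The pre-shared-key path the poster describes is the same symmetric routine with a key that never crossed the wire. Assumptions: HMAC-SHA256 run in counter mode stands in for AES (the Python standard library has no block cipher), the public-key wrap is an opaque stand-in blob because the search never needs to open it, the 16-bit seed flaw and the sample message are constructed for the demonstration, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import random
import secrets

# Added example, not code from the original post or from GnuPG. It models the
# three "links" of a hybrid scheme as separate functions and shows that a weak
# session-key RNG alone exposes the message, whatever the strength of the other
# two links. Assumptions: HMAC-SHA256 in counter mode stands in for AES (the
# standard library has no AES); the public-key wrap of the session key is
# modelled as an opaque blob, since the search below never needs to open it;
# the 16-bit seed flaw is a constructed, hypothetical weakness.


def derive(key: bytes, label: bytes) -> bytes:
    """Split one 256-bit key into independent encryption and MAC subkeys."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(enc_key, nonce || counter), block by block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Link 3, the symmetric cipher: encrypt-then-MAC, output nonce || ct || tag."""
    nonce = os.urandom(16)
    ks = keystream(derive(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under this key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = keystream(derive(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def strong_session_key() -> bytes:
    """Link 2 done right: 256 bits straight from the OS CSPRNG."""
    return secrets.token_bytes(32)


def weak_session_key(seed: int) -> bytes:
    """Link 2 done wrong (hypothetical flaw): a PRNG seeded from 16 bits."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")


def wrap_with_public_key(session_key: bytes) -> bytes:
    """Link 1, the public-key algorithm, as an opaque stand-in blob; the
    recovery below never has to open it, which is the point of the example."""
    return b"OPAQUE-WRAP:" + hashlib.sha256(session_key).digest()


def hybrid_encrypt(message: bytes, session_key: bytes):
    """The GPG-style shape: wrap a fresh session key, encrypt the body with it."""
    return wrap_with_public_key(session_key), sym_encrypt(session_key, message)


def recover_via_weak_rng(body: bytes, seed_bits: int = 16):
    """Attack on link 2 only: enumerate the PRNG seed space and let the MAC
    confirm when the right session key has been found."""
    for seed in range(1 << seed_bits):
        plaintext = sym_decrypt(weak_session_key(seed), body)
        if plaintext is not None:
            return seed, plaintext
    return None


def demo() -> dict:
    message = b"meet at the usual place, bring the new key"  # constructed sample
    # Pre-shared-key path from the post: only link 3 is in play.
    psk = strong_session_key()
    psk_roundtrip = sym_decrypt(psk, sym_encrypt(psk, message)) == message
    # Hybrid path with a broken RNG: links 1 and 3 never get a say.
    seed = int.from_bytes(os.urandom(2), "big")
    _wrapped, body = hybrid_encrypt(message, weak_session_key(seed))
    recovered = recover_via_weak_rng(body)
    # Hybrid path with a sound RNG: the same search finds nothing.
    _wrapped, body_ok = hybrid_encrypt(message, strong_session_key())
    return {
        "psk_roundtrip": psk_roundtrip,
        "weak_rng_recovered": recovered is not None and recovered[1] == message,
        "weak_rng_seed_found": recovered is not None and recovered[0] == seed,
        "strong_rng_recovered": recover_via_weak_rng(body_ok) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The search uses the authentication tag as a key-confirmation oracle, which is exactly what a real attacker gets from any authenticated-encryption format: a wrong key is rejected, the right one is not. Swapping in real AES-GCM and a real RSA or ECDH wrap would change nothing about the outcome, which is the poster's point about the weakest link.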





More information about the Gnupg-users mailing list