Essay on PGP as it is used today

mercuryrising at hush.ai mercuryrising at hush.ai
Tue Jul 23 10:32:25 CEST 2019


Again, Signal is touted as better than PGP. Why? Look at this problem
with Signal. Looks really serious.
Signal Desktop Leaves Message Decryption Key in Plain Sight
https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/

I don't think PGP does THIS!
Elwin
 Sent using Hushmail
On 7/22/2019 at 7:53 PM, "Ryan McGinnis via Gnupg-users" wrote:

I’m not so sure that it does. I think that’s the point security
researchers like Schneier have been trying to make: it is easy for all
people — from grandparents who still think they need AOL to
chipheads who can install Arch without watching a YouTube tutorial —
to screw up encrypted email in a way that exposes the cleartext.
Encrypted email is fundamentally unsafe as it currently exists.
It’s really hard to screw up some of the new E2E encrypted
messengers. Sure, if your method for secure communications is
dropping stego’d memes with encrypted payloads on imgur, then simple
tools like Signal and WhatsApp won’t do. But if you’re trying to
securely communicate like a normal person who is not pretending to be
Mister Robot, then PGP for email is one of the least adopted, least
safe ways to do so and Signal/iMessage/WhatsApp are decent solutions.

-Ryan McGinnis 
https://bigstormpicture.com 
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail
Sent from ProtonMail Mobile 

On Mon, Jul 22, 2019 at 15:00, Mark H. Wood via Gnupg-users wrote:
On Mon, Jul 22, 2019 at 03:46:18PM +0000, Ryan McGinnis via Gnupg-users wrote:
> [1]https://www.schneier.com/blog/archives/2018/05/details_on_a_ne.html
>
>     3. Why is anyone using encrypted e-mail anymore, anyway? Reliably and
>    easily encrypting e-mail is an insurmountably hard problem for reasons
>    having nothing to do with today's announcement. If you need to
>    communicate securely, use Signal. If having Signal on your phone will
>    arouse suspicion, use WhatsApp.

Depends on your threat model.  For mine, reliably and easily
encrypting email is almost absurdly simple:

1) Use PGP
2) Don't send secrets to people I don't trust to keep them.

Anyway, 99% of my PGP use is for the opposite of secrecy: I sign my
emails so that (if you care enough to install PGP) you can be highly
assured that they're from me.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users