zlacker

[parent] [thread] 3 comments
1. southe+(OP)[view] [source] 2021-09-15 07:43:22
"PGP" is an algorithm, not an organization or movement, so you can't really say it failed. The algorithm is pretty good, though some implementations are really bad, and most programs who embed it have bad UX.

However, there's still some very good programs with good UX making use of PGP (for example delta.chat), and to this day no cryptomoney scam wallet has ever been as useful as PGP has over the years.

replies(3): >>woodru+va >>h_anna+Ma >>vmcept+FG
2. woodru+va[view] [source] 2021-09-15 09:28:23
>>southe+(OP)
I’ve never heard PGP described as an algorithm before. I think it’s more accurate to describe it as a signing and encryption envelope standard, which internally supports a whole bunch of common encryption standards.

More generally, there’s broad consensus in the cryptographic community that PGP’s intended uses and design are fundamentally flawed/mismatched against modern actual uses.

Don’t get me wrong! Cryptocurrency is filled with shysters and I don’t use any of them. But we should probably be encouraging users to stop treating PGP over email as if it does anything and instead encourage them to switch to E2EE systems (since that’s what the majority actually want.)

3. h_anna+Ma[view] [source] 2021-09-15 09:31:04
>>southe+(OP)
> The algorithm is pretty good

It really isn't. It uses CFB and does not have a MAC, while the format is overly complicated for no reason.

4. vmcept+FG[view] [source] 2021-09-15 13:51:32
>>southe+(OP)
"cryptomoney scam wallets" have likely secured many more deals with offline verification signatures over the past 5 years than PGP has over 25 years. no need to conflate that with transactions and value transfer. its just public and private key cryptography and inherits everything that PGP offers.

this algorithm has failed to proliferate outside of thin security conscious niches for an entire generation of internet users, and has been leapfrogged.

[go to top]