***
fedilink
27
***
fedilink

This article claims that PGP is dead. Is it really though? I checked EFAIL mitigation page, and nowhere does it support their claims about the tech being dead? And if it is so insecure as claimed by the article, then why is it still being used to sign Git commits or encrypt emails even today? Why did Skiff conveniently ignore the part to inform the reader that the standard was being updated?

@stifle867@programming.dev
link
fedilink
68M

It seems you completely misinterpreted the intention of the article (willingly or ignorantly).

At Skiff, we take an authoritative position that PGP is no longer useful, long outdated by better encryption protocols, encumbered by unneeded complexity, and hard to use even from the start.

Except for “no longer useful” the rest is pretty much unanimously agreed upon within the community.

@LWD@lemm.ee
link
fedilink
18M

Skiff Team wrote the article to promote Skiff products, referred to PGP as dead, and repeatedly implied it was insecure:

While PGP is generally considered to be secure, there have been instances where PGP implementations have been successfully attacked by hackers. This can leave users’ communications vulnerable to interception and decryption.

Of course, in order to use their encryption, you must buy into their platform, and so must everyone else… The end-to-end encryption only works when both ends are on their servers. (This is true for every other “E2EE email” provider.)

kby
link
fedilink
10
edit-2
8M

“Keys can be stolen or hacked”. Assuming that an adversary gains access to your user account on your local computer? Well, there is no messaging protocol that will “protect” you and your data when an adversary has unrestricted access to your user account.

I am not sure for whom this article was written. “It’s hard to exchange keys” is Computer Security 101. That’s how public-key cryptography without a centeralized PKI works. The only valid argument against PGP I could recognize here is the fact that PGP provides no forward secrecy.

@mintycactus@lemmy.world
link
fedilink
3
edit-2
8M

deleted by creator

@ruben@lemmy.blahaj.zone
link
fedilink
108M

That srticle does not claim PGP to be insecure.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.44K Posts
  • 57.5K Comments
  • Modlog