The Pgp Problem (2019)

croemer · 2025-12-28T08:39:57.000Z

Discussion: The PGP Problem (2019)

Posted6d agoActive40m ago

croemer

33 points

33 comments

latacora.comTech Discussionstory

informativenegative

Debate

60/100

PgpCryptographyData_security

Key topics

Pgp

Cryptography

Data_security

Discussion Activity

Very active discussion

First comment

Peak period

132-144h

Avg / period

Comment distribution44 data points

Loading chart...

Based on 44 loaded comments

Key moments

01Story posted
Dec 28, 2025 at 3:39 AM EST
6d ago
Step 01
02First comment
Jan 2, 2026 at 8:07 PM EST
6d after posting
Step 02
03Peak activity
42 comments in 132-144h
Hottest window of the conversation
Step 03
04Latest activity
Jan 3, 2026 at 7:03 AM EST
40m ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (33 comments)

Showing 44 comments

shakna

11h ago

1 reply

Probably resurfacing, because we have some new attacks thanks to CCC. [0]

[0] https://news.ycombinator.com/item?id=46453461

shakna

10h ago

2 replies

Worth noting: minisign and age were also affected by a couple things here.

GnuPG has decided a couple things are out of scope, fixed a couple others. Not all is in distro packages yet.

age didn't have the clearest way to report things - discord is apparently the point of contact. Which will probably improve soon.

minisign was affected by most everything GnuPG was, but had a faster turnaround to patching.

stackghost

8h ago

1 reply

The mark of good security is not "has no bugs". It's how the maintainers respond to security-relevant bugs.

F3nd0

7h ago

… in which case, ‘on Discord’ is not off to a good start.

tptacek

9h ago

The minisign bug was much less severe than the (insane) GPG signing bugs, and the age bug wasn't a cryptographic thing at all, just a dumb path sanitization thing. Minisign was not in fact affected by most everything GPG was. The GnuPG team wontfixed one of the most significant bugs!

felipelalli

11h ago

2 replies

Even though I read so many posts criticizing PGP, it's still difficult for me to find an alternative. He states in the article that being a "Swiss Army Knife" is bad. I understand the argument, but this is precisely what makes GPG so powerful. The scheme of public keys, private keys, revoke, embedded WOT, files, texts, everything. They urgently need to make a "modern version" of GPG. He needs a replacement, otherwise he'll just be whining.

schoen

10h ago

1 reply

There's a section in this post with proposed replacements:

https://www.latacora.com/blog/2019/07/16/the-pgp-problem/#th...

I was also frustrated with this criticism in the past, but there are definitely some concrete alternatives provided for many use cases there. (But not just with one tool.)

eddythompson80

10h ago

2 replies

I’m still frustrated by the criticism because I internalized it a couple of years ago and tried to move to age+minisig because those are the only 2 scenarios I personally care about. The overall experience was annoying given that the problems with pgp/gpg are esoteric and abstract that unless I’m personally are worried about a targeted attack against me, they are fine-ish.

If someone scotch tapes age+minisig and convince git/GitHub/gitlab/codeberge to support it, I’ll be so game it’ll hurt. My biggest usage of pgp is asking people doing bug reports to send me logs and giving them my pgp keys if they are worried and don’t want to publicly post their log file. 99.9% of people don’t care, but I understand the 0.1% who do. The other use is to sign my commits and to encrypt my backups.

Ps: the fact that this post is recommending Tarsnap and magicwormhole shows how badly it has aged in 6 years IMO.

aniviacat

10h ago

1 reply

> the fact that this post is recommending Tarsnap and magicwormhole shows how badly it has aged in 6 years

What's wrong with magic wormhole?

eddythompson80

9h ago

It’s just not the same thing. There is significant overlap, but it’s not enough to be a reasonable suggestion. You can’t suggest a service as a replacement for a local offline tool. It’s like saying “Why do you need VLC when you can just run peertube?”. Also since then, age is the real replacement for pgp in terms of sending encrypted files. Wormhole is a different use case.

nine_k

9h ago

1 reply

Has Tarsnap become inadequate, security-wise? The service may be expensive for a standard backup. It had a serious bug in 2011, but hasn't it been adequate since then?

eddythompson80

9h ago

I don’t know anything that makes me think it’s inadequate per se, but it’s also been more than 10 years since I thought about it. Restic, gocryptfs, and/or age are far more flexible, generic and flat out better in managing encrypted files/backups depending on how you want to orchestrate it. Restic can do everything, gocryptfs+rclone can do more, etc.

stackghost

9h ago

1 reply

The so-called web of trust is meaningless security theatre.

>They urgently need to make a "modern version" of GPG.

Absolutely not.

Diti

3h ago

Ignoring your comment’s lack of constructive criticism, I’m going to post this meaningful implementation that an excellent cryptographer, Soatok Dreamseeker, is working on: [1].

You may also search for his posts in this HN thread, his nickname is “some_furry”.

[1]: https://github.com/fedi-e2ee/public-key-directory-specificat...

maqp

10h ago

1 reply

The biggest issue with PGP/gpg is the difficulty of getting rid of it. If you work on big distros, or know someone who works on big distros, please (start asking them to) add https://github.com/jedisct1/minisign to pre-installed packages to facilitate transition. It's almost a chicken egg problem but the sad thing is, no project wants to swap the signing tool to a better one until everyone can verify the new signatures.

singpolyma3

9h ago

2 replies

Note that minisign was also vulnerable in the gpg.fail exposures

woodruffw

9h ago

Yes, but not nearly to the same extent. The GPG vulns are staggering in comparison.

maqp

7h ago

All software has bugs. But having a small purpose-built program do one thing well is much smaller attack surface. The Unix philosophy also makes a pretty good security argument.

bgwalter

10h ago

1 reply

How does this help people who are not following this issue regularly? gpg protected Snowden, and this article promotes tools by one of the cryptographers who promoted non-hybrid encryption:

https://blog.cr.yp.to/20251004-weakened.html#agreement

So what to do? PGP by the way never claimed to prevent traffic analysis, mixmaster was the layer that somehow got dropped, unlike Tor.

tptacek

9h ago

1 reply

You could also say Cryptocat protected Snowden; he used it to communicate with reporters. So, that's how well that argument holds up.

bgwalter

9h ago

1 reply

https://en.wikipedia.org/wiki/Cryptocat#Reception_and_usage

"In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work."

So it was used when Snowden was already on the run, other software failed and the communication did not have to be confidential for the long term.

It would also be an indictment of messaging services as opposed to gpg. gpg has the advantage that there is no money in it, so there are unlikely to be industry or deep state shills.

tptacek

8h ago

1 reply

Huh? There's no money in anything we're talking about here.

bgwalter

7h ago

1 reply

You have to understand the concept that people go on tangents on an internet message board. Your persistent sniping on parts of messages is annoying.

tptacek

7h ago

1 reply

I don't care that it's a tangent, I care that it's incoherent and wrong.

bgwalter

6h ago

The tangent explicitly talks about generic messaging services. Whatsapp and Signal have more money than gpg. Thinking about it more, it is not even a tangent, because TFA says:

"Use Signal. Or Wire, or WhatsApp, or some other Signal-protocol-based secure messenger."

brianjlogan

9h ago

1 reply

Is anyone else unable to read the report on mobile? Completely broken styling for me.

nine_k

9h ago

Can't confirm, works fine for me (Android, Firefox).

nine_k

9h ago

2 replies

I agree that age + minisign comprise a much neater stack that does basically everything I would need to use PGP for.

Neither of them supports hardware keys though, as much as I could see. OTOH ssh and GnuPG do support hardware keys, like smart cards or Yubikey-like devices. I suppose by the same token (not a pun, sadly) they don't support various software keychains provided by OSes, since they don't support any external PKCS11 providers (the way ssh does).

This may reduce the attack needed to steal a private key to a simple unprivileged infiltration, e.g. via code run during installation of a compromised npm package, or similar.

nine_k

6h ago

BTW apparently age has plugins that allow to use FIDO2 and TPM for cryptography.

some_furry

6h ago

> Neither of them supports hardware keys though, as much as I could see.

https://github.com/str4d/age-plugin-yubikey

stackghost

9h ago

1 reply

Anyone know why GitHub doesn't support signing commits with signify/minisign?

some_furry

6h ago

My first guess is, "Not enough people have asked for it."

So let's get the party started: https://github.com/orgs/community/discussions/183391

bgwalter

8h ago

2 replies

So they recommend Signal. Mike Waltz had to resign over accidentally inviting a journalist to a group chat, and scanning a malicious QR code suffices to allow an attacker to read all your messages. People scan QR codes all the time:

https://cloud.google.com/blog/topics/threat-intelligence/rus...

Of course, people here who have recommended Signal are silent about these issues and rather continue to bash gpg.

some_furry

6h ago

1 reply

> Of course, people here who have recommended Signal are silent about these issues and rather continue to bash gpg.

I've reviewed Signal extensively on my blog. https://soatok.blog/2025/02/18/reviewing-the-cryptography-us...

I analyze cryptosystems based on what an attacker can do, given sufficient capabilities.

"The user adds the wrong person to a group chat" is not a cryptographic weakness, nor a particularly interesting one. Why would I have anything to say about it?

We aren't "silent" about your pet peeves. We just have lives and more interesting things to talk about.

> EDIT: tptacek enters the chat, my messages are downvoted. This is how he convinces people to use Signal.

This kind of comment gets people banned from Hacker News. Please stop that.

bgwalter

6h ago

1 reply

Of course you omit the QR code issue in your response, just like tptacek tried to deflect in the other subthread after his Cryptocat objection was refuted.

some_furry

5h ago

1 reply

> Of course you omit the QR code issue in your response,

What? You mean a vulnerability that was mitigated in February of last year? In what sense am I obligated to comment on such a thing? You use the verb "omit" as if such an obligation exists. This is delusional rhetoric.

First you complain about tptacek choosing to comment about a tangent, and then you get upset that I didn't entertain your tangent. Pick a lane.

> just like tptacek tried to deflect in the other subthread after his Cryptocat objection was refuted.

I didn't see a refutation.

bgwalter

5h ago

1 reply

I no longer respond if you use Simple Sabotage Field Manual tactics.

some_furry

5h ago

> I no longer respond

You just did.

> if you use Simple Sabotage Field Manual tactics.

No idea what you're even talking about there.

upofadown

40m ago

I think it is fair to say that usability is fairly bad for most end to end encrypted systems ... and usability and security are intertwined for E2EE. Here are my comments on Signalgate 1.0:

* https://articles.59.ca/doku.php?id=em:sg

anta40

5h ago

1 reply

I'm curious. What's the advantage of using signify/minisign instead of good old PGP/GPG?

some_furry

5h ago

PGP/GPG is a complicated mess designed in the 1990's and only incrementally updated to add more complexity and cover more use-cases, most of which you'll never need. Part of PGP/GPG is supporting a large swath of algorithms (from DSA to RSA to ECDSA to EdDSA to whatever post-quantum abomination they'll cook up next).

Signify/Minisign is Ed25519. Boring, simple, fit-for-purpose.

You can write an implementation of Minisign in most languages with little effort. I did in PHP years ago. https://github.com/soatok/minisign-php

Complexity is the enemy of security.

jairuhme

11h ago

Can the link be updated to not be to the end of the page?

matted7505

9h ago

After reading the PyCon 2016 presentation about wormhole, and say my understanding of channels is correct (that is, each session on the same wireless network constitutes a session). What's stopping a hostile 3rd party, who wishes to stop a file transfer from happening, from spamming every channel with random codes?

upofadown

7h ago

My comments on The PGP Problem:

* https://articles.59.ca/doku.php?id=pgpfan:tpp

View full discussion on Hacker News

ID: 46409473Type: storyLast synced: 1/3/2026, 6:30:42 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN