Again, Signal is touted as better than PGP.Why?Look at this problem with signal. Looks really serious. Signal Desktop Leaves Message Decryption Key in Plain Sight https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/
I don't think PGP does THIS ! Elwin Sent using Hushmail On 7/22/2019 at 7:53 PM, "Ryan McGinnis via Gnupg-users" wrote:I’m not so sure that it does. I think that’s the point security researchers like Schneier have been trying to make: it is easy for all people — from grandparents who still think they need AOL to chipheads who can install Arch without watching a YouTube tutorial — to screw up encrypted email in a way that exposes the cleartext. Encrypted email is fundamentally unsafe as it currently exists. It’s really hard to screw up some of the new E2E encrypted messengers. Sure, if your method for secure communications is dropping stego’d memes with encrypted payloads on imgur, then simple tools like Signal and WhatsApp won’t do. But if you’re trying to securely communicate like a normal person who is not pretending to be Mister Robot, then PGP for email is one of the least adopted, least safe ways to do so and Signal/iMessage/WhatsApp are decent solutions. -Ryan McGinnis https://bigstormpicture.com PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD Sent with ProtonMail Sent from ProtonMail Mobile On Mon, Jul 22, 2019 at 15:00, Mark H. Wood via Gnupg-users wrote: On Mon, Jul 22, 2019 at 03:46:18PM +0000, Ryan McGinnis via Gnupg-users wrote: > [1]https://www.schneier.com/blog/archives/2018/05/details_on_a_ne.html > > 3. Why is anyone using encrypted e-mail anymore, anyway? Reliably and > easily encrypting e-mail is an insurmountably hard problem for reasons > having nothing to do with today's announcement. If you need to > communicate securely, use Signal. If having Signal on your phone will > arouse suspicion, use WhatsApp. Depends on your threat model. For mine, reliably and easily encrypting email is almost absurdly simple: 1) Use PGP 2) Don't send secrets to people I don't trust to keep them. Anyway, 99% of my PGP use is for the opposite of secrecy: I sign my emails so that (if you care enough to install PGP) you can be highly assured that they're from me. -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
