The problem is that OpenPGP has a massive footprint and supports many legacy key formats. It is from a time of “cryptoagility”, which is an anti-goal today. You don’t want to be using RSA keys in 2024.

Have a look at Saltpack.

I recommend using ECC 25519 in README because of RSA's massive and slow keys.
It is secure, fast, and widely used today.

GPG is not 'anti-goal'. It is about security and anti-surveillance.


You misunderstand me — “cryptoagility” is an anti-goal today. OpenPGP was designed for “cryptoagility”, so it runs against modern cryptographic engineering principles. This is yet another reason why OpenPGP is bad.

I agree curve25519/ed25519 is what you want to use, that’s why I recommended a modern cryptography library like NaCl and Saltpack for encoding. Not OpenPGP.

It’s not enough to not recommend RSA; a good cryptosystem doesn’t support bad algorithms.
Really you shouldn’t recommend anything, because users have no clue. You simply abstract sensible params for the user.

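An added example, not from the thread and not NaCl or Saltpack code, of the design point in the last comment: a signing API with no algorithm parameter, where a single version byte names one fixed suite and anything else is rejected. It uses Go's standard `crypto/ed25519`; the names `NewKey`, `Sign`, `Open` and `formatV1` and the byte layout are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// formatV1 is the only accepted version byte (hypothetical layout). A version
// names one fixed suite, Ed25519; there is no per-message algorithm field.
const formatV1 = 0x01

var (
	ErrUnsupported  = errors.New("malformed blob or unsupported format version")
	ErrBadSignature = errors.New("bad signature")
)

// NewKey takes no algorithm or key-size argument, so a caller cannot pick RSA.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign returns: version byte || 64-byte signature || message.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	out := []byte{formatV1}
	out = append(out, ed25519.Sign(priv, msg)...)
	return append(out, msg...)
}

// Open verifies a signed blob and returns the message. An unknown version is
// rejected outright instead of being mapped to some legacy algorithm.
func Open(pub ed25519.PublicKey, blob []byte) ([]byte, error) {
	if len(blob) < 1+ed25519.SignatureSize || blob[0] != formatV1 {
		return nil, ErrUnsupported
	}
	sig, msg := blob[1:1+ed25519.SignatureSize], blob[1+ed25519.SignatureSize:]
	if !ed25519.Verify(pub, msg, sig) {
		return nil, ErrBadSignature
	}
	return msg, nil
}

func main() {
	pub, priv, _ := NewKey()
	blob := Sign(priv, []byte("constructed sample message"))
	msg, err := Open(pub, blob)
	fmt.Printf("%q %v\n", msg, err)
}
```

Changing the suite in this design means shipping a new version constant with its own fixed algorithms, not adding a selector that old and new peers negotiate.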