https://www.reddit.com/r/privacy/comments/1igbsd4/pgp_is_it_even_still_a_thing/
created by Accomplished_Shoe962 on 03/02/2025 at 00:06 UTC
29 upvotes, 16 top-level comments (showing 16)
I remember about a decade ago there was this huge concern over pgp being open source. Is pgp still a viable means of encryption/privacy?
Comment by FolgerJoe at 03/02/2025 at 01:39 UTC
70 upvotes, 1 direct replies
It's pretty good
Comment by slutty_muppet at 03/02/2025 at 00:22 UTC
25 upvotes, 1 direct replies
Why would it not be a thing? Yes it is still a thing.
Comment by upofadown at 03/02/2025 at 02:34 UTC
10 upvotes, 0 direct replies
Chances are that it is among the most secure things available. I think that is because it is brutally simple, there isn't really much there to attack. During the Snowden leak it turned out that PGP was on a very short list of things the NSA had no access to.
Note that the OpenPGP standard is under a sort of split/extension attack:
Open source is actually a good attribute for this sort of thing...
1: https://articles.59.ca/doku.php?id=pgpfan:schism
Comment by MeatBoneSlippers at 03/02/2025 at 10:28 UTC*
6 upvotes, 0 direct replies
PGP is still considered secure when using modern settings (AES-256, RSA-4096, SHA-256+). Legacy algorithms like SHA-1, 3DES, and older RSA key sizes (1024-bit) shouldn't be used whatsoever. It should be noted that PGP isn't necessarily post-quantum safe in its current state. RSA, ElGamal, and DSA rely on mathematical problems (integer factorization, discrete logarithms) that can be broken by Shor's algorithm if a large enough quantum computer is built. Grover's algorithm only weakens AES-256 slightly (but can break AES-128), but doesn't quite break it **as far as I know**. Hash functions like SHA-256+ are safe, I believe. Despite these concerns, I do think OpenPGP and GnuPG are exploring post-quantum cryptographic alternatives (e.g., Kyber, Dilithium, SPHINCS+) or a hybrid encryption model by mixing quantum-safe and traditional encryption. I don't know what the current state is for GnuPG, but you can track an OpenPGP draft for implementing PQC algorithms here: https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/[1]. Until PQC is finalized, RSA-4096 + AES-256 + SHA-512 + ZLIB or BZIP2 (for compression) in a PGP setup is the most secure. ECC is more efficient but could be more vulnerable to quantum attacks than larger RSA keys, hence why I suggested RSA-4096 over ECC. **If I'm wrong, someone will correct me.**
1: https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/
Edit: Looks like until PQC is natively supported in OpenPGP, there's this project[2] which looks interesting. I'll be looking into it myself soon.
2: https://github.com/open-quantum-safe/oqs-provider/
Comment by gonewild9676 at 03/02/2025 at 00:09 UTC
11 upvotes, 0 direct replies
Yes. I use it regularly at work with data transfee
Comment by CorsairVelo at 03/02/2025 at 02:31 UTC
3 upvotes, 0 direct replies
Proton mail and their suite is built on PGP. Last I looked they were growing.
Comment by njfreshwatersports at 03/02/2025 at 09:09 UTC
3 upvotes, 0 direct replies
Even something like EFS is better than doing nothing imo.
Comment by slaughtamonsta at 03/02/2025 at 12:07 UTC
3 upvotes, 0 direct replies
It is still a thing. Used on dark net markets and forums and probably other places too.
Comment by leedonho123 at 03/02/2025 at 04:15 UTC
4 upvotes, 0 direct replies
Yes, It's still Pretty Good Privacy!
Comment by webfork2 at 03/02/2025 at 03:10 UTC
2 upvotes, 0 direct replies
There are some places where it's useful but if you don't currently have anyone you're communicating with that uses it, you should probably look into other options. Because it is complex and because there are probably other tools that can do what you need that are easier.
There are a variety of general concerns about it (usually something owing to the complexity) but to date it's generally still considered secure and effective. I would avoid using outdated versions of the software.
Comment by stKKd at 03/02/2025 at 06:08 UTC
1 upvotes, 0 direct replies
Opensource.. Worry? Maybe you forgot a word?
Comment by mailslot at 03/02/2025 at 08:06 UTC
1 upvotes, 0 direct replies
Yes. I use it to sign my Git commits.
Comment by fl0o0ps at 03/02/2025 at 10:24 UTC
1 upvotes, 0 direct replies
Definitely.
Comment by XFM2z8BH at 03/02/2025 at 13:03 UTC
1 upvotes, 0 direct replies
yes
Comment by TempArm200 at 03/02/2025 at 00:14 UTC
0 upvotes, 1 direct replies
PGP's still viable for secure communication, especially for high-stakes industries like journalism.
Comment by chamgireum_ at 03/02/2025 at 00:45 UTC
-1 upvotes, 3 direct replies