Hey everyone, I certainly don't think Enigmail should switch or that standards need to be changed. At the start of the year, I read that the NSA (which is doing serious R&D in this field) recommended taking post-quantum computing more seriously: https://www.schneier.com/blog/archives/2016/02/more_details_on_2.html
I've been reading up on this, but yet to find people integrating these tools into real applications. As someone who's not a computer scientist or cryptographer, the best way that I can help is adapt the Enigmail code to generate e-mail signatures from one of these systems. While that's underway, I started writing up recommendations for how to set your browser to use the only quantum-secure system available on SSL/TLS: AES-256. (As secure as AES-128 on classical computers today) The name for this experiment is "Annealmail" after quantum annealing. Please use GitHub for any further comments: https://github.com/mapmeld/annealmail Regards, Nick Doiron On Sun, Jun 19, 2016 at 5:12 PM, Robert J. Hansen <[email protected]> wrote: > > I can see a use case you seem to have neglected. > > Not neglected: considered and rejected. > > First: Arthur C. Clarke famously observed that advanced technology > cannot be differentiated from magic, and it's true. Just like we refuse > to defend against shamans, psychic intruders, and the restless ghost of > Alan Mathison Turing, we also refuse to defend against quantum > computing. Because it's the same thing. Magic. And we're not going to > even think of appeasing cargo-cultists who think we ought shake a > feather-covered stick to appease the gods of Quantum. This should not > be read as a slam on the people who are working in the field. They're > doing great work trying to make the future real. But for right now, > it's completely unreasonable to expect practical systems to defend > against quantum computation. > > Further: Enigmail provides OpenPGP support. QRC isn't in RFC4880 or any > of the supporting RFCs. One might wonder *why* the Working Groups > haven't incorporated QRC into the supporting RFCs... or one might > suspect they're using the same reasoning we are. The Working Groups are > closely following QRC, and as soon as it becomes an issue for practical > systems to worry about, they'll take appropriate steps. > > Finally: the letters "PGP" in "OpenPGP" stand for "Pretty Good Privacy". > And that's what Enigmail provides... a *pretty good* level of privacy. > You're expecting a level of privacy that not even the United States > government requires for information classified Top Secret. (They're > happy with elliptical-curve keys in the 500-bit range, which are even > more susceptible to quantum computing than a 1024-bit RSA key!) > > Be reasonable. We're not promising anything beyond a "pretty good" > level of privacy, and we're definitely not going to start doing rain > dances to appease the gods of quantum. > > _______________________________________________ > enigmail-users mailing list > [email protected] > To unsubscribe or make changes to your subscription click here: > https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net >
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
