ā...to *their* enemies...ā What if NSA is an adversary in your threat model?
Let me share with you one of the unclassified secrets of NSA's cryptographic section, as told to me by one of their instructors: they always assume the other guy has better mathematicians, better computers, and more money. If they believe "okay, against an adversary with better mathematicians, better computers, and more money, we still believe RSA-3072 will give sufficient protection to our communications until 2055," then the only conclusion I can draw is NSA doesn't think they'll be able to break it either.
In troubled times, why not have the long-term peace of mind of a free upgrade of your FOSS encryption software, including GnuPG 2.5.x?
Excellent question, and you'll note that just recently I urged someone to migrate from 1.4 to the new 2.6 series (of which 2.5.12 is, I think, the official beginning). I'm not opposed to migration. I'm opposed to doing it badly.
As for blindly trusting NSA advice generally, sorry but Iām not
Good. Blind trust is bad. So is blind *dis*trust. The trick is, in the words of Sage Francis, "a healthy distrust".
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
