Hacker News new | past | comments | ask | show | jobs | submit login

Ah the famously friendly UX of PGP combined with the solid reliability of email. This is trying to get two drunks to stand up straight by leaning them against each other.



> This is trying to get two drunks to stand up straight by leaning them against each other.

Thank you for painting this beautiful picture.


Presumably they have chosen and standardized a particular subset of PGP for their product, making it fully reliable and user-friendly.


They've actually cracked PGP, and email is fine, especially between self hosters and anyone using chatmail. I've been using it for years: Delta really, really works.


Can you clarify "cracked"?


PGP has been cracked when you use it with automation in that you can steal keys slowly by relying on the meta-behavior of systems around PGP. A classic attack here is timing how long it takes for a PGP-based automated system to reject your messages.

PGP is intended for the classic "used by a human to encrypt emails manually" flow and is actually insecure if you automate around it.


I'm fairly sure they meant "cracked" as slang for "solved", as in "I've cracked the case."


the timing attack you're describing is extremely common -- not unique to PGP -- and simple to mitigate. do you have more literature about the attack, or attacks, that you're describing?


You should really try the thing in question before commenting


Have you used it?


Slap AI, blockchain and electron on it and ship it, stat.


Very secure, too. You get all the insecurity of automated use of PGP combined with the insecurity of using email protocols.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: