{"id":94,"date":"2026-03-28T03:06:07","date_gmt":"2026-03-28T07:06:07","guid":{"rendered":"https:\/\/sixdemonbag.org\/?p=94"},"modified":"2026-03-28T03:06:07","modified_gmt":"2026-03-28T07:06:07","slug":"the-critics","status":"publish","type":"post","link":"https:\/\/sixdemonbag.org\/?p=94","title":{"rendered":"The Critics"},"content":{"rendered":"\n<p><em>This was originally an email posted to the GnuPG-Users mailing list. Werner Koch, the maintainer of GnuPG, thought it merited its own post on the GnuPG blog. I tuned it a little bit and turned it into the text below.<\/em><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>On the GnuPG-Users mailing list, a user asked the following (paraphrased) question:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>I am very well aware of the consistent and persistent campaign against GnuPG. Is there a reason for this?<\/p>\n<\/blockquote>\n\n\n\n<p>There are many reasons.<\/p>\n\n\n\n<p>Before we go further, the things I\u2019m speaking of apply to both LibrePGP and RFC9580 OpenPGP. The criticisms made against one usually wind up getting made against the other, whether for good or ill. These criticisms fall on a spectrum, from infuriatingly dishonest all the way to carefully thought out and researched. I\u2019ll start with the ones I think are dishonest.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Fearmongers<\/h2>\n\n\n\n<p>The worst of the worst, my personal b\u00eate noire, come from a particular kind of user: someone who derives their social status from the unholy union of<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>being a geek and<\/li>\n\n\n\n<li>making people afraid.<\/li>\n<\/ul>\n\n\n\n<p>When you can make people afraid you can lead them into looking to you to tell them what to do. Making people afraid is usually a power play of some kind. It reminds me of high school. 
I hated high school.<\/p>\n\n\n\n<p>What pushes me over the edge into being a genuinely unpleasant person is when they make people afraid about something they can\u2019t verify for themselves. When Chicken Little told everyone the sky was falling, at least Chicken Little had the common decency to lie about something people could disprove just by looking up.<\/p>\n\n\n\n<p>There are a lot of nerdy people making people scared about near-future events they have to take on faith. I don\u2019t see much difference between Sam Altman telling people \u201cin eighteen months half of your jobs will be gone!\u201d and somebody hiding behind a pseudonym saying \u201cackshually the new NSA listening center in Utah is going to be able to crack PGP because\u2026\u201d. Either way it\u2019s the same spiel. These people make me very angry.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Half-Truth Dealers<\/h2>\n\n\n\n<p>Then there are the people who deal in half-truth criticisms. For instance, a lot of people say that Open\/LibrePGP don\u2019t offer forward secrecy, and \u201call modern designs offer perfect forward secrecy.\u201d<\/p>\n\n\n\n<p>Forward secrecy (sometimes misnamed \u201cperfect\u201d forward secrecy) relates to a property of cryptosystems where compromising one message doesn\u2019t help you compromise other messages in the past or future. ClassicPGP offered this all the way back in 1991. Each message is encrypted with its own unique session key: if I give you that unique session key it does not help you decrypt any other message. Presto: Libre and OpenPGP have both had forward secrecy since their moment of conception.<\/p>\n\n\n\n<p>Some of you may be thinking, \u201cyes, but if a long-term key is compromised that\u2019s a terrible problem: do Libre and OpenPGP really offer forward secrecy?\u201d<\/p>\n\n\n\n<p>And you\u2019re correct: what I said was a half-truth. 
Looked at one way, Libre and OpenPGP offer forward secrecy, but there\u2019s a very important way in which they don\u2019t. Clearly, we shouldn\u2019t talk about Libre and OpenPGP like this. We should talk fairly, in complete truths.<\/p>\n\n\n\n<p>Now you know why I get so ornery when people insist \u201cLibre and OpenPGP use long-term keys, so there\u2019s no forward secrecy.\u201d It\u2019s a half-truth at best, and it obscures important things about how the system operates.<\/p>\n\n\n\n<p>Half-truth dealers are found everywhere in computer security discussions. Some of them are innocently miseducated: these people should be corrected kindly and respectfully. Some are genuinely engaging in bad faith: these people should be called out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ivory Towerism<\/h2>\n\n\n\n<p>Then there are academics who make highly academic criticisms that, although offered in good faith, often show a lack of consideration of real-world constraints on what we can do, or a lack of understanding of what the real problems are.<\/p>\n\n\n\n<p>For instance, from RFC2440 to the final draft of RFC4880, OpenPGP specified 3DES as a permissible algorithm. 3DES was designed in the 1970s and is by modern standards unbearably ugly. It has all the aesthetic qualities of Soviet New Realism art coupled with all the elegance of a North Korean workers\u2019 housing block.<\/p>\n\n\n\n<p>But you\u2019ll notice I never said 3DES was weak. After fifty years (!!) of cryptanalytical research nobody knows of any practical attacks on 3DES when used in the standard OpenPGP use case. It\u2019s kind of impressive that way.<\/p>\n\n\n\n<p>Despite this brilliant record of resistance to cryptanalysis (when used in the standard use case) a lot of academic critics continue to smear it \u2014 and other technology choices within Libre and OpenPGP \u2014 as somehow being weak because it is ugly.<\/p>\n\n\n\n<p>I respectfully disagree. 
I don\u2019t think these critics are being dishonest, but I wonder what causes them to confuse strength with beauty.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Honest Brokers<\/h2>\n\n\n\n<p>Some very serious people have made very serious criticisms of OpenPGP over the years. Matthew Green at Johns Hopkins, for starters, was really not a fan. See, for instance, <a href=\"https:\/\/blog.cryptographyengineering.com\/2014\/08\/13\/whats-matter-with-pgp\/\">his essay at <em>Cryptography Engineering<\/em><\/a>.<\/p>\n\n\n\n<p>He made those criticisms in 2014. They were devastatingly sharp and overwhelmingly fair. As a consequence, Libre\/OpenPGP took notice. The latest specifications mitigate the majority of his concerns from 2014. I doubt he\u2019s since become a fan, but Libre\/OpenPGP deserve credit for being willing to listen to a passionate critic speaking in good faith.<\/p>\n\n\n\n<p>I think we need more critics like Matthew Green. As hard as it is to hear honest and well-founded \u201cthis is why nobody uses Libre\/OpenPGP\u201d criticism, I\u2019m always grateful for it. That\u2019s how we get better.<\/p>\n\n\n\n<p>But for every solid, well-thought-out, and occasionally devastating critique on Open\/LibrePGP there are easily a dozen ones that vary from disingenuous to confused to genuinely dishonest and manipulative.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>This essay is \u00a9 2026 by <a href=\"https:\/\/sixdemonbag.org\/?page_id=7\">Robert J. Hansen<\/a>. You may use it under the <a href=\"https:\/\/creativecommons.org\">Creative Commons<\/a> <a href=\"https:\/\/creativecommons.org\/licenses\/by-nd\/4.0\/\">Attribution-NoDerivs 4.0 license<\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This was originally an email posted to the GnuPG-Users mailing list. Werner Koch, the maintainer of GnuPG, thought it merited its own post on the GnuPG blog. 
I tuned it a little bit and turned it into the text below. On the GnuPG-Users mailing list, a user asked the following (paraphrased) question: I am very [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-94","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=\/wp\/v2\/posts\/94","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=94"}],"version-history":[{"count":1,"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=\/wp\/v2\/posts\/94\/revisions"}],"predecessor-version":[{"id":95,"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=\/wp\/v2\/posts\/94\/revisions\/95"}],"wp:attachment":[{"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=94"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=94"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sixdemonbag.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=94"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}