Hacker News new | past | comments | ask | show | jobs | submit login

The underlying crypto is not really "fine". For instance, compare the PGP MDC construction to a modern authenticated cryptosystem.



The PBKDFs for symmetric (secring at rest and gpg -c) are also terrible. I'd love to be able to donate a few thousand dollars to a bounty to get this fixed.


What I meant was that the crypto primitives (the implementation of the math) is good enough for the application, the use/assembly of them (eg: the system) leaves much to be desired.

This also only applies to the algorithms that are currently considered not weak.


I'm talking about constructions, which are part of "the math".




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: