Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://grapheneos.social/users/GrapheneOS/statuses/113047232643708054">GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 30-Aug-2024 17:30:33 JST</a><a href="https://grapheneos.social/@GrapheneOS" title="grapheneos@grapheneos.social"><img src="https://gnusocial.jp/avatar/99224-48-20240219114657.webp" width="48" height="48" alt="GrapheneOS" style="position: absolute; left: 0; top: 0;">GrapheneOS</a><div><ul><li><li><a href="https://gnusocial.jp/user/71458" title="delta@chaos.social">Delta Chat</a></li></ul></div></section><article><p><a href="https://infosec.space/@kkarhan">@kkarhan</a> <a href="https://mastodon.world/@signalapp">@signalapp</a> <a href="https://chaos.social/@delta">@delta</a> PGP is legacy technology with tons of legacy cryptography like still using SHA-1 for fingerprints in practice. It doesn't have forward secrecy like a proper secure messaging system. The main implementation of it that's widely used is horribly implemented with massive security flaws throughout it (GPG). The web of trust nonsense is badly designed and always in use even to simply verify a specific file with a specific key from a file. Keyservers are another big mess.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3588998#notice-7041293">In conversation</a><time datetime="2024-08-30T17:30:33+09:00" title="Friday, 30-Aug-2024 17:30:33 JST">about 3 months ago</time> <span>from <span><a href="https://grapheneos.social/@GrapheneOS/113047232643708054" rel="external" title="Sent from grapheneos.social via ActivityPub">grapheneos.social</a></span></span><a href="https://grapheneos.social/@GrapheneOS/113047232643708054">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 30-Aug-2024 17:30:33 JSTGrapheneOS
- Signal
- Delta Chat
@kkarhan @signalapp @delta PGP is legacy technology with tons of legacy cryptography like still using SHA-1 for fingerprints in practice. It doesn't have forward secrecy like a proper secure messaging system. The main implementation of it that's widely used is horribly implemented with massive security flaws throughout it (GPG). The web of trust nonsense is badly designed and always in use even to simply verify a specific file with a specific key from a file. Keyservers are another big mess.
In conversationabout 3 months ago from grapheneos.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice