← Back to context

Comment by swalladge

7 years ago

Something I'm curious about - if GPG uses such old/not-recommended encryption standards, is it still secure in the sense that if I gpg encryption something and post it online, a three letter agency will be still unable to decrypt it?

There are two ways that breaks:

- your key won’t be private forever but future compromise does mean past disclosure

- on long enough timescales if said TLAs can mount offline attacks against it.

So, maybe? But it’s definitely the safest way to do it, most of GPGs problems are unforced interaction errors.