(important, especially for vendors) Using the correct PGP software

This was posted on the SR forums and talks about how several pieces of PGP software are not very secure. He specifically mentions that Kleopatra/GPA and Portable PGP (or any Java PGP) are weak. He mentions the best piece of software to use is gpg4usb. You can get it here:

http://gpg4usb.cpunk.de/index.html

I switched to using this and I like it a lot. It's actually very easy to use (definitely easier than Kleopatra) and doesn't have to be installed. I should note that this software generates keys properly so it may take longer. It uses noise from I/O for generating random numbers so doing stuff while the key is being generated will speed it up.

Here's the full article posted at SR:

https://silkroad5v7dywlc.onion/index.php?topic=1760.0

PS: use a 4096-bit key. That should be secure from the NSA until 2040-2050.

PPS: it might be a good idea to sticky this for a little while. I've noticed many vendors using bad PGP software and keys that are only 1024 bit. All vendors should be using AT LEAST a 2048-bit key, but 4096 bit would be best.
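
As an added example (not part of the original post or the SR article), this script rates the keys in a GnuPG `--with-colons` listing against the post's 2048-bit minimum and 4096-bit recommendation, counting subkeys as well as primary keys. The sample listing is constructed, and its key IDs and user names are made up.

```python
# Added example: rate key sizes in `gpg --list-keys --with-colons` output.
# SAMPLE is constructed; the key IDs and user IDs are made up.
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:1325376000:::-:::scESC:
uid:-::::::::Constructed Vendor A:
sub:-:1024:16:AAAAAAAAAAAAAAA1:1325376000::::::e:
pub:-:2048:1:BBBBBBBBBBBBBBBB:1356998400:::-:::scESC:
uid:-::::::::Constructed Vendor B:
sub:-:2048:1:BBBBBBBBBBBBBBB1:1356998400::::::e:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1388534400:::-:::scESC:
uid:-::::::::Constructed Vendor C:
sub:-:4096:1:CCCCCCCCCCCCCCC1:1388534400::::::e:
pub:-:255:22:DDDDDDDDDDDDDDDD:1420070400:::-:::scSC:
uid:-::::::::Constructed Vendor D:
"""

MIN_BITS, PREFERRED_BITS = 2048, 4096          # thresholds taken from the post
SIZED = {1: "RSA", 16: "Elgamal", 17: "DSA"}   # OpenPGP algorithm IDs rated by bit length
ORDER = ["too-short", "acceptable", "preferred", "not-rated"]  # weakest first

def rate(algo, bits):
    if algo not in SIZED:
        return "not-rated"   # e.g. ECC: its bit counts are not comparable to RSA's
    if bits < MIN_BITS:
        return "too-short"
    return "preferred" if bits >= PREFERRED_BITS else "acceptable"

def audit(listing):
    """Return one dict per primary key; 'verdict' is the weakest rating
    among the primary key and its subkeys."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 4 and f[2].isdigit() and f[3].isdigit():
            algo, bits = int(f[3]), int(f[2])
            part = (f[0], SIZED.get(algo, "algo %d" % algo), bits, rate(algo, bits))
            if f[0] == "pub":
                keys.append({"keyid": f[4], "uid": None, "parts": [part]})
            elif keys:
                keys[-1]["parts"].append(part)   # subkey of the latest primary key
        elif f[0] == "uid" and keys and keys[-1]["uid"] is None and len(f) > 9:
            keys[-1]["uid"] = f[9]               # field 10 holds the user ID
    for k in keys:
        k["verdict"] = min((p[3] for p in k["parts"]), key=ORDER.index)
    return keys

if __name__ == "__main__":
    for k in audit(SAMPLE):
        print(k["keyid"], k["uid"], k["verdict"], k["parts"])
```

To check a real keyring, pass the output of `gpg --list-keys --with-colons` to `audit()` instead of `SAMPLE`.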


Comments


[2 Points] None:

The article link is down for me. Please explain what exactly is not secure?


[1 Points] None:

I use GPA. It can go up to 4098bit. So how is this decryption software better?


[1 Points] reaperx2:

Check out the SR forum link; it explains the problems.


[1 Points] InfinitelyOutThere:

Is GPG tools ok?


[1 Points] kirkkommander:

Keep in mind that people can use the safest most secure software in the world, and aren't any more protected if they're not using basic common sense like random usernames and complex passwords.