DeepDotWeb1 claims that BCPG is insecure, and that you shouldn't buy from vendors who use it. Can anyone shed more light on the accuracy of these claims? Some well-regarded vendors (namely Avalokitesvara) use BCPG for generating their keys which gives the libraries some non-zero credibility.
[1]: aytch tea tea pea ess colon forward-slash forward-slash double-you double-you double-you dot dee ee ee pea dee oh tea double-you ee bee dot sea oh em/security-tutorials/word-warning-versions-pgp-created-equally/
What the fuck? No one wants to sound that shit out. And clearnet links aren't even filtered. Lmao
http://deepdotweb.com/security-tutorials/word-warning-versions-pgp-created-equally/