The PGP Problem (2019)

PGP gets roasted as outdated while fans shout “it saved Snowden”

TLDR: Experts say PGP is outdated and overloaded, sparking a fiery debate over ditching it versus modernizing it. Commenters split between “it saved Snowden” defenders and “install minisign and move on” pragmatists, with fresh conference demos reviving fears and making this old tool’s future a hot-button issue.

Cryptographers are dunking on PGP, calling it a 90s-era Swiss Army knife that tries everything and nails nothing. The piece slams PGP’s clunky “packet soup,” confusing key rings, and ancient defaults—basically saying modern crypto moved on and PGP didn’t. Cue the comments section melting down. Some are cheering the takedown, others are clutching their keychains like heirlooms.

One user says this debate is back because hackers dropped fresh demos at a conference (CCC), adding fuel to the fire. Another hilariously begs for a better link because it goes straight to the end of the page—peak internet chaos. A passionate defender insists the “Swiss Army knife” vibe is the point: GPG’s all-in-one keys, revocations, and web-of-trust are what make it powerful, and they want a modern version that keeps the utility without the pain. Meanwhile, the “move on already” crowd pushes pragmatic escape routes: preinstall minisign so people can ditch PGP without breaking everything.

The spiciest flashpoint? A reminder that “gpg protected Snowden,” with a side-eye at the article’s nods toward tools from controversial cryptographers. It’s part nostalgia, part survival instinct, and part meme—call it Pretty Grumpy People. The community’s split between “retire it” and “modernize it,” and nobody’s putting down their multitool without a fight.

Key Points

  • The article argues PGP (including OpenPGP/GnuPG) embodies outdated design choices from the 1990s and persists despite long-known issues.
  • PGP’s packet format is highly complex (multiple length encodings, subpackets, overlapping variants), contributing to parsing vulnerabilities, including a cited keyserver-related issue in GnuPG.
  • PGP’s feature breadth (keys/subkeys, key servers, signatures, multiple keyrings, revocation, compression, smartcards) is presented as unnecessary complexity that degrades usability and security.
  • Default or common PGP cryptographic choices include 2048-bit RSA, CAST5 (a 64-bit block cipher) in CFB mode, and OpenPGP’s MDC for integrity; password-based encryption uses S2K for key derivation.
  • Modern best practices highlighted include authenticated encryption, avoiding 64-bit block ciphers and CFB, not mixing compression with encryption, and using time- and memory-hard KDFs—practices the article claims PGP users typically do not achieve.

Hottest takes

“Probably resurfacing, because we have some new attacks thanks to CCC” — shakna
“this is precisely what makes GPG so powerful” — felipelalli
“gpg protected Snowden” — bgwalter
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.