April 25, 2026

Quantum panic vs one-line changelog

GnuPG – post-quantum crypto landing in mainline

GnuPG adds quantum‑proof locks — fans cheer, cynics shrug

TLDR: GnuPG 2.5.19 adds Kyber, a “quantum‑resistant” encryption option, and urges users to move off 2.4 soon. Commenters split between applause for quiet, serious progress, jokes about overhyped quantum fears, and practical questions about which option to use and how fast it is.

GnuPG just dropped version 2.5.19, and the big headline is simple enough to fit in a tweet: it adds a “quantum‑resistant” lock called Kyber (also known as ML‑KEM, a new U.S. standard called FIPS‑203). Translation: it’s designed to protect your messages even if future quantum computers arrive. There are Windows improvements, bug fixes, and a warning that the old 2.4 line hits end‑of‑life in two months. It’s classic GnuPG: mission‑critical, donation‑powered, and announced by plain‑text email — complete with that ever‑present Snowden quote.

But the comments? That’s where the fireworks are. One camp is cackling at the mismatch between years of “quantum doom” headlines and GnuPG’s chill one‑liner — as one user quipped, “Funny to read 1‑liner changelog…” Another camp is in practical mode: Which algorithm do I use? Will it be slower? Meanwhile, the cynics are out in force: “now my emails that nobody’s reading anyway are safe from quantum computers that don’t exist yet.” And then there’s the reverent chorus, tipping their hats to Werner Koch for quietly shielding the internet since the ’90s, sending out updates by mailing list while the rest of tech chases Medium posts. The vibe is equal parts applause, eye‑roll, and “tell me what button to press.” If you want the receipts, here are the release notes and the download page.

Key Points

  • GnuPG 2.5.19 is released with new features and multiple bug fixes, maintaining backward compatibility.
  • The 2.5 series adds Kyber (ML‑KEM/FIPS‑203) for post‑quantum encryption and improves 64‑bit Windows support.
  • New options include gpg’s --use-ocb-sym and --show-[only-]session-hash; gpgsm gains cipher‑mode selection and improved CRL DP error details.
  • Fixes span gpg, gpgsm, agent, ssh, and gpgtar, including PKCS#12/PBES2 import compatibility (German Telekom), RSA padding corrections, and de‑vs compliance updates.
  • The 2.4 series reaches end‑of‑life in about two months; users are directed to download 2.5.19 from official mirrors and the GnuPG file server.

Hottest takes

"Funny to read 1-liner changelog" — utopiah
"someone just tell me what algo to use" — trueno
"now my emails that nobody's reading anyway are safe from quantum computers that don't exist yet" — immanuwell