An alternate title for this post would be “Why GPG isn’t ok in 2017”. Imagine you were designing a new encrypted messaging system, what kinds of things would you worry about? You’d want to make sure you were using good encryption algorithms, authentication for senders, a high quality random number generator, maybe you’d spend some time thinking about side channels for things like message length. Unfortunately, if you’re thinking about your protocol in the context of something like...
