@arstechnica yes, password-protected zip files are just an illusion of privacy.
In fact, these researchers were not using them for privacy, but as a way of sending malware samples to each-other without being stopped by the malware scanners.
What I don't understand is why so many banks and financial institutions are so fond of them. They keep sending sensitive information via email on password-protected zip files where the password is your ID or your birthday... 🙄
Proper end-to-end encryption has been around for decades. 🤷♂️
In case it helps someone else: To change the #OpenPGP smartcard PIN on my #YubiKey, gpg --change-pin does NOT work for some reason. Using gpg --card-edit and putting admin and then passwd into the prompt lets me do it though.
I pushed another update for #Sequoia#OpenPGP (version 1.16.0), which fixes a handful of parser bugs that could result in crashes caused by out-of-bounds array accesses. All affected applications were rebuilt with the new version. 🕶️
This also included the latest version of sequoia-octopus-librnp, which provides better compatibility with recent versions of #Thunderbird.
Updating sequoia-sq to the latest version is still blocked, because some of the new dependencies have blocking issues 😐
#OX (XEP-0373, XEP-0374: #OpenPGP for #XMPP, without security problems of historical XEP-0027) implementation has been merged to #Libervia, thanks to Syndace again, and #NLnet for their funding.
OX doesn't have PFS (https://en.wikipedia.org/wiki/Forward_secrecy) but that means that new devices can access archives, which may be desirable. Also, it can encrypt arbitrary elements.