@soatok @stiiin no. RSA is fine as long as the modulus is sufficient.

the QC advances are overstated: if you read the paper, they chose intentionally weak key parameters to factor, and in any case the modulus was only 22 bits.

this isn't to say that tasteful elliptic curve cryptography (like curve25519) is bad, just that there really isn't any urgency to move away from RSA in systems which use it.

its still a valid choice, as long as there is a sufficiently large modulus. keys with 4096 or 8192 bit modulus are totally fine for the forseeable future for example, bar some major advancement in quantum computing.

but I don't see it happening this decade.

@soatok this is far worse than I thought even possible. I thought it'd stop somewhere reasonable, but nope, it kept going. And sure, this app is bad, horrible and so on, but also look at this paragraph from the article

Often when implementing encrypted messages, apps will assign users a public and private key. The public key is what other users use to encrypt messages for them, and the private key is what a user uses to decrypt messages meant for them.

I'm not a cryptography expert by any means and I get that simplification is sometimes useful, but this is a horrible way of describing end to end encryption to anyone, especially since the audience of this publication is often tech related from what I know. This is just wrong, I actually have no idea if anyone built an app which encrypts and decrypts all your messages with a single keypair in the last decade. I mean, maybe for pgp setups perhaps, but I thought we're past explaining encryption like it's the 90s, the only good available encryption is pgp and telling people that actually, having very long-term keys is a good thing.