Hello Mr. Pornin!
I am interested in auditing Sequoia-PGP in my spare time both because
I rely on Sequoia-PGP to protect my safety and to build my
career in cryptographic software development.
Aside from practicing attacking crypto code on websites such as
CryptoPals (cryptopals.com),
what people, projects, and techniques can I engage in to build this
skill--both in auditing and cryptographic software development?
I am currently discussing the matter on Reddit (https://www.reddit.com/r/crypto/comments/1nkfat9/comment/nf9q9va/?context=3).
I came to the conclusion I am interested in auditing low-level
cryptographic primitives and protocols (e.g. Sequoia-PGP and the
primitive implementations it depends on).
On the forum another person admitted getting involved in projects such
as Sequoia is a good way to get one's foot in the door. One can also
participate in professional and hacking communities. Would the Sequoia
developers be able to recommend any to get started?
The other person on the Reddit forum admitted PQC encryption is
currently an in-demand field though we are in a "bubble". Would the
Sequoia-PGP developers agree with this?
What companies should one seek that develop and audit cryptographic
software in an ethical manner that promote privacy? Personally, I use
products such as Mullvad, Bitwarden, Signal, Tuta, Posteo, etc.
How does one identify good companies for employment in the field
of cryptographic development for privacy's sake? It seems there are a
lot of political arguments about this--and certain companies have made
decisions that the privacy community (at least on forums like Reddit)
did not favor. I am just asking because I don't want to work with people
that exploit such technology for their own gains instead of caring for
privacy and freedom of speech in itself as it should be.
I would love to hear the Sequoia-PGP developers' thoughts.
Best,
Tanveer Salim
I also found Soatok's blog post on the matter insightful:
https://soatok.blog/2020/06/10/how-to-learn-cryptography-as-a-programmer/
I decided to ask you since you have experience in cryptographic development.
Please let me know your thoughts.
Thanks!
Best,
Tanveer Salim