minisign VS kyber

There are alternatives, minisign and signify.

You don't have to attach identities to public and private keys. If all you need it for is signing, then check out minisign.

If you need signatures, minisign is a similar hard-to-misuse program.

In your case, use a tool such as https://jedisct1.github.io/minisign/ to do signing/verification. GPG is another choice which is very common. It will produce a "signature" which can be embedded alongside your posts verifying that the text of the post was endorsed by someone bearing the given public key.

Claiming it's not ancient because Linux desktop distributions still use it for signing packages is a very odd argument. Most Cryptography experts (note: I'm not talking about programmers, IT professionals or people who know a thing or two about cryptography, I mean actual cryptographers) would agree that we should start using something like signify or minisign instead of the bloated mess that is GPG for signing package repositories.

minisign\ (5 comments)

I wouldn’t even be worried about the banks, any mode of encryption used for data would be at stake, but there’s already some algos that are quantum secure made by Crystal Kyber. Here’s their git repo: https://github.com/pq-crystals/kyber.git

So, question then, isn't one of the differences between this time's selection, compared to previous selections, that some of the algorithms are open source with their code available.

For example, Kyber, one of the finalists, is here: https://github.com/pq-crystals/kyber

And where it's not open source, I believe in the first round submissions, everyone included reference implementations.

Does the code being available make it easy to verify whether there are some shady/shenanigans going on, even without NIST's cooperation?

The C reference code is available: https://github.com/pq-crystals/kyber