How regularly is the GnuPG source code examined?

From: pv (usenet-nospam_at_segfault.co.uk)
Date: 09/26/05

• Next message: Mxsmanic: "Re: How To Abandon Microsoft"
• Previous message: Andrew Swallow: "Re: How To Abandon Microsoft"
• Next in thread: David Wagner: "Re: How regularly is the GnuPG source code examined?"
• Reply: David Wagner: "Re: How regularly is the GnuPG source code examined?"
• Reply:(deleted message) Unruh: "Re: How regularly is the GnuPG source code examined?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 26 Sep 2005 20:53:09 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've just been reading Dan Brown's Digital Fortress and, whilst a lot of
the crypto stuff in it is rather tenuous or incorrect, I got thinking about
the general premise of the story - that the NSA can 'adapt' a secure
algorithm and put a back door in it.

Sure GnuPG is open source and regarded as being pretty secure, but how many
times do people actually examine the source code to it? IF there was a
backdoor in it, how long would it last before someone actually found it?

Paul

- --
                               __\\|//__
                               (` o-o ')
- ---- www.segfault.co.uk ------ooO-(_)-Ooo--------------------------
Free, anonymous email addresses available!
(email address is genuine, to fool junkmailers)

It is time we turned the tide - David Icke
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1-sb1 (RISC OS)

iD8DBQFDOFGtxX4NYN/CpBwRAk/ZAKCHnuI/+cR9xtaAOxigSkhO3cjy6wCcD0hC
RpM6z9by8vppGCT3WQDBOqA=
=b80/
-----END PGP SIGNATURE-----

• Next message: Mxsmanic: "Re: How To Abandon Microsoft"
• Previous message: Andrew Swallow: "Re: How To Abandon Microsoft"
• Next in thread: David Wagner: "Re: How regularly is the GnuPG source code examined?"
• Reply: David Wagner: "Re: How regularly is the GnuPG source code examined?"
• Reply:(deleted message) Unruh: "Re: How regularly is the GnuPG source code examined?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: How regularly is the GnuPG source code examined? ... >>Sure GnuPG is open source and regarded as being pretty secure, ... > I don't know too much about the development methodology of GnuPG ... All 14 patches which worked out of the box on the snapshot were ... > that is secure when even the developers themselves are malicious. ... (sci.crypt) Re: How regularly is the GnuPG source code examined? ... >Sure GnuPG is open source and regarded as being pretty secure, ... I don't know too much about the development methodology of GnuPG ... Probably the main defense is that there is a small core of developers ... that is secure when even the developers themselves are malicious. ... (sci.crypt) RSA implementation, please comment. ... SYNOPSIS: Is Crypt::RSA secure acceptable in open source if the ... private key password is in a browser cookie? ... The client asked me to devise "a secure way to save credit card ... (comp.lang.perl.misc) RE: IIS ... I believe that once the source code is open source, ... Subject: IIS ... are a myriad of options to hardening an IIS box than just patches. ... worked with many and would answer this with, the system is as secure as the ... (Security-Basics) Re: Bug in acroread? ... close to what acroread uses, so I guess my comparison is pretty useless. ... because the open source version is pitifully slow on this system, ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint