Re: How regularly is the GnuPG source code examined?

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 09/28/05

• Next message: tomstdenis_at_gmail.com: "Re: How regularly is the GnuPG source code examined?"
• Previous message: Milan VXdgsvt: "Re: How regularly is the GnuPG source code examined?"
• In reply to: Unruh: "Re: How regularly is the GnuPG source code examined?"
• Next in thread: Unruh: "Re: How regularly is the GnuPG source code examined?"
• Reply: Unruh: "Re: How regularly is the GnuPG source code examined?"
• Reply: Francois Grieu: "Re: How regularly is the GnuPG source code examined?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 27 Sep 2005 22:41:51 +0000 (UTC)

Unruh wrote:
>So, let us restrict ourselves to asking whether the program could be
>altered in such a way that the attacker, intercepting only the output from
>the program, could gain enough information to decrypt it easily. Could such
>a backdoor be installed undetectibly into the program. I would argue no.

I already gave one example of an apparently accidental bug in PGP that
(a) allowed to attacker, intercepting only the output of the program,
to gain enough information to decrypt it easily; (b) could have been
inserted by an insider; (c) was in fact not detected for a long time.
I am sure one could find other such examples. If it possible for this
to happen by mischance, I think we'd better be prepared that it could
happen due to malice, too.

• Next message: tomstdenis_at_gmail.com: "Re: How regularly is the GnuPG source code examined?"
• Previous message: Milan VXdgsvt: "Re: How regularly is the GnuPG source code examined?"
• In reply to: Unruh: "Re: How regularly is the GnuPG source code examined?"
• Next in thread: Unruh: "Re: How regularly is the GnuPG source code examined?"
• Reply: Unruh: "Re: How regularly is the GnuPG source code examined?"
• Reply: Francois Grieu: "Re: How regularly is the GnuPG source code examined?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: How regularly is the GnuPG source code examined? ... >>altered in such a way that the attacker, intercepting only the output from ... could gain enough information to decrypt it easily. ... the entropy of the generator was far smaller than ... (sci.crypt) Re: How regularly is the GnuPG source code examined? ... > allowed to attacker, intercepting only the output of the program, ... > to gain enough information to decrypt it easily; ... (sci.crypt) Re: Firewall/Windows/Security ... Would it be possible for a attacker to gain complete control to a computer ... something which allows them to execute arbitrary code to gain higher ... (alt.computer.security) Re: Strength of RSA with known plain-text. ... >]an attacker has, ... > That is also true of secret key systems. ... a secret message that an attacker can never decrypt. ... (sci.crypt) NetBSD Security Advisory 2003-003 Buffer Overflow in file(1) ... If fileis run over a specially constructed ELF file, ... if an attacker can somehow induce ... may gain any system privileges the victim possesses. ... (Bugtraq)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint