Re: How regularly is the GnuPG source code examined?
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 09/28/05
- Previous message: B-Con: "Re: How many attackers can compute 2^30 operations??"
- In reply to: Unruh: "Re: How regularly is the GnuPG source code examined?"
- Next in thread: Francois Grieu: "Re: How regularly is the GnuPG source code examined?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Sep 2005 04:16:11 +0000 (UTC)
Unruh wrote:
>daw@taverner.cs.berkeley.edu (David Wagner) writes:
>>I already gave one example of an apparently accidental bug in PGP that
>>(a) allowed to attacker, intercepting only the output of the program,
>>to gain enough information to decrypt it easily; (b) could have been
>>inserted by an insider; (c) was in fact not detected for a long time.
>
>I vaguely recall that it was in the behaviour of the random number
>generator wasn't it? Ie, the entropy of the generator was far smaller than
>it should have been.
Right.
- Previous message: B-Con: "Re: How many attackers can compute 2^30 operations??"
- In reply to: Unruh: "Re: How regularly is the GnuPG source code examined?"
- Next in thread: Francois Grieu: "Re: How regularly is the GnuPG source code examined?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
