Comment and Version lines leak information

Anonymous nobody at
Mon Aug 6 06:20:01 CEST 2001

This is a nit, but why is it the default for gpg to output version and
comment strings in ASCII armor blocks?

A security program should not, by default, leak information.  There's
no compelling reason why anybody should know which OS you are using,
and there is a good reason not to advertise: it makes it easier for
attackers to exploit known security holes.  Likewise, it is
undesirable to publish the version of the encryption program you are

Anybody who wants to do so (for what reason I cannot imagine), they
can always turn on these features or add a couple lines to their
config file.

More information about the Gnupg-devel mailing list