GnuPG PRNG insecure?
David Shaw
dshaw at jabberwocky.com
Fri Feb 8 15:45:02 CET 2002
On Fri, Feb 08, 2002 at 08:54:04AM +0100, Werner Koch wrote:

> What worries me most is that it needed *4 years* to figure this bug
> out _and_ report it. I'd have expected that some more people had a
> close look at those critical things. It is a very sad thing that
> there is so little truth in the claim that bugs in Free Software are
> figured out very fast - I have seen too many counterexamples :-(

Make it worth their while. Netscape used to give out money for each
verified bug report. We could give them some free beer to go with
their free software. :)

I'd be willing to throw some money into a pot for people who find
security-related bugs in GnuPG.

David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson