GnuPG PRNG insecure?
David Shaw
dshaw at jabberwocky.com
Thu Feb 14 20:40:01 CET 2002
On Sun, Feb 10, 2002 at 06:42:51PM +0100, Werner Koch wrote:
> On Fri, 8 Feb 2002 09:41:56 -0500, David Shaw said:
>
> > I'd be willing to throw some money into a pot for people who find
> > security-related bugs in GnuPG.
>
> The main problem is that it needs experienced programmers to find the
> non-trivial bugs. Those programmers are usually writing new code or
> fixing old one and don't have the time to screen other programs and it
> is not so interesting to do audits - especially not on an unpaid or low
> paid basis. So I don't believe that a little bit of money will help.

Perhaps a cash-for-bugs "bounty" isn't the right thing, but in terms
of auditing, a little bit of money doesn't help, but if 20 people all
throw in a little bit of money...
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson