GnuPG PRNG insecure?

Ben Pearre bwpearre at mit.edu
Thu Feb 14 21:27:02 CET 2002


> Perhaps a cash-for-bugs "bounty" isn't the right thing, but in terms
> of auditing, a little bit of money doesn't help, but if 20 people all
> throw in a little bit of money...

Money?  Pshaw.  Credit!  There could be a command-line option
--list-contributors or some such, which makes it trivial to see who
has helped with the program.  "...and the daring souls who found
security flaws in the code:..."

The key is being able to say during a job interview (OK, how many
interviewers use GPG?) or a hot date (?!) "Run this command and see my
name"... and have it take 10 seconds.

-- 
bwpearre at alumni.princeton.edu                http://hebb.mit.edu/~ben


More information about the Gnupg-devel mailing list