GnuPG PRNG insecure?
Ben Pearre
bwpearre at mit.edu
Thu Feb 14 21:27:02 CET 2002
> Perhaps a cash-for-bugs "bounty" isn't the right thing, but in terms
> of auditing, a little bit of money doesn't help, but if 20 people all
> throw in a little bit of money...
Money? Pshaw. Credit! There could be a command-line option
--list-contributors or some such, which makes it trivial to see who
has helped with the program. "...and the daring souls who found
security flaws in the code:..."
The key is being able to say during a job interview (OK, how many
interviewers use GPG?) or a hot date (?!) "Run this command and see my
name"... and have it take 10 seconds.
--
bwpearre at alumni.princeton.edu http://hebb.mit.edu/~ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : /pipermail/attachments/20020214/ff48df86/attachment.bin
More information about the Gnupg-devel
mailing list