GnuPG PRNG insecure?
David Shaw
dshaw at jabberwocky.com
Fri Feb 15 21:33:01 CET 2002
On Thu, Feb 14, 2002 at 03:25:19PM -0500, Ben Pearre wrote:
> > Perhaps a cash-for-bugs "bounty" isn't the right thing, but in terms
> > of auditing, a little bit of money doesn't help, but if 20 people all
> > throw in a little bit of money...
>
> Money? Pshaw. Credit! There could be a command-line option
> --list-contributors or some such, which makes it trivial to see who
> has helped with the program. "...and the daring souls who found
> security flaws in the code:..."
>
> The key is being able to say during a job interview (OK, how many
> interviewers use GPG?) or a hot date (?!) "Run this command and see my
> name"... and have it take 10 seconds.
Heh. Good point. It would be far easier than saying "Go look at the
AUTHORS file"... :)
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel
mailing list