control channel???

Tavis Ormandy taviso at
Sat Jan 13 19:06:55 CET 2007

Bernhard Reiter <bernhard at> wrote:

> There is some criticism by Felix von Leitner about the gnupg code in
> German:
> I cannot evaluate it, but as it is published anyway, I thought you
> might be interested to know. Explaining the code in question seems
> useful.
> Bernhard

I audited the code in question in detail a few months ago, and found
no problems. I can't read German, but if he is complaining about the
volatile trick, I suspect it is used so as not to deplete any entropy
pool, which seems perfectly reasonable to me (it doesn't buy an attacker
any advantage if he can guess it).

I'd be interested to hear any attack I might have missed, could any
German speakers give a rough translation?

Thanks, Tavis.

taviso at | finger me for my pgp key.

More information about the Gnupg-devel mailing list