control channel???

Tavis Ormandy taviso at sdf.lonestar.org
Sat Jan 13 19:06:55 CET 2007


Bernhard Reiter <bernhard at intevation.de> wrote:

> There is some criticism by Felix von Leitner about the gnupg code in
> German:
> 
> http://blog.fefe.de/?ts=bb581702
> 
> I cannot evaluate it, but as it is published anyway, I thought you
> might be interested to know. Explaining the code in question seems
> useful.
> 
> Bernhard
> 

I audited the code in question in detail a few months ago, and found
no problems. I can't read German, but if he is complaining about the
volatile trick, I suspect it is used so as not to deplete any entropy
pool, which seems perfectly reasonable to me (it doesn't buy an attacker
any advantage if he can guess it).

I'd be interested to hear any attack I might have missed; could any
German speakers give a rough translation?

Thanks, Tavis.

-- 
-------------------------------------
taviso at sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------



