State of the W32 version

Werner Koch
Sun, 21 May 2000 20:51:38 +0200


here is my second try on explaining the current state of the Windows 95
etc. version of GnuPG.  The first one was eaten up by Mutt for some unknown
reason.  I guess I hit the wrong key while using a German keyboard at
home - so back to my Vaio:

 o  GnuPG for W32 (the version which uses the Win^B^B32 API: Windows 95, 98,
    NT) has a few minor bugs.  One that come into my mind is a problem with
    not working localtime() et al. functions in the MS C runtime.  You may
    see timestamps a few hours off.  

    I do not think that this is a very serious problem has computer clocks 
    tends to be wrong on may boxes.  If you really need a timestamp you have
    to use some trusted timestamping service anyway, 

    Fix should be easy but has not yet been done.

 o  There are some problem reports concerning the entropy DLL which does not
    seem to work on some machines (some AMD CPUs and all Windows2000
    versions).  These problems just make GnuPG spinning around to wait for
    more entropy - because Windows/entropy.dll has no self-healing service
    it just son't do it's job.

    There is no security problem with that.  GnuPG is very conservative when
    estimating the quality of random data.  The usual Windows backdoors are
    the cracker's better friends than GnuPG itself.  If you have some
    serious doubts about the RNG, please, please tell us here (please use 
    private mail if you figure out a really serious flaw - but check twice).

    The whole RNG thing in GnuPG is based on Peter Gutmann's Cryptlib ideas
    and some code (rndunix.c) acually has been taken from it.  I am
    currently in the process of rewriting the rndw32.c driver to avoid the
    use of an extra dll (which is also based on Peter's ideas) which can't
    be compiled with out cross-compiling system MingW32/CPD.  If you trust
    Peter's Cryptlib - which is a very fine piece of software - you may
    consider to have a little bit of trust into GnuPG RNG code, 
 o  A GUI - Hmm. there are some for Unix and we are currently working on the
    GNU Privacy Assistant.  It already does some things but needs a lot of
    more work.  The Good Thing with GPA is that the same code base is used 
    for Unix and Windows.  It took me just a few hours to do the initial
    port (and many hours to figure out how handles are inherited) - now we
    can build a W32 version or a GNU version from the same code using our
    usual development environment and VNC to test on NT, W95, W98.

The next version 1.0.2 should be usable under W32 like the current one is on 
Unix.  Volunteers for testing the new RNG code on many W32 configurations are 
required before we can release it ;-) 


Werner Koch                                        OpenPGP key 621CC013
OpenIT GmbH                                        Tel +49 211 239577 0
Birkenstr. 12                                      email
D-40215 Duesseldorf