Frontends for Windows

Marc Mutz
Tue Nov 20 13:11:01 2001

Hash: SHA1

On Monday 19 November 2001 16:54, Silviu Cojocaru wrote:
> How do you know that the security level of GPGShell is *low*,
> have you done any testing, have you tried catching the input or
> detecting the certain area of the memory where it keeps the
> password just before passing it to gpg ?
> Words in vain won't solve anything, do extensive testing, prove
> that GPGShell is a risky piece of software then make accusation,
> but not before, let's try to be fair.

OK. Let's get scientific for a moment. Consider a piece of software. How 
do you define "it is secure"? Can you prove it has no vulnerabilities? 
No. Can anyone prove it? No. You can't _prove_ it has no 
vulnerabilities or waeknesses (except in some very, very special 
cases). All you can prove is that is insecure (ie. find a 
vulnerability). So if you can't prove "security", how do you define the 

The scientific community defines it roughly this way:
"A thing is secure, if it has survived a long period of public scrunity 
without being broken." (where "Thing" includes "algorithm", 
"implementation", "software product", "hardware product", etc.) Read 
Bruce Schneier's cryptogram or ask any cryptographer at your local 
university. That is really the only viable definition of "security". 
Also, "security" is not a boolean value. Something isn't secure or it 
isn't. It's a gradual and relative measure. Also, it's a measure that 
has the property of changing over night sometimes (new kinds of 

The best definition of "secure" IMO then is: "A thing is the more 
secure, the longer it has withstood public scrunity and the harder the 
public effeord to break it was."

Eg. AES can be considered quite secure, because the best cryptgraphers 
in the world tried their best to break the algorithms over a period of 
three years. No-one succeeded.

But Triple-DES can be considered even more secure, because it's parent, 
DES, has withstood more than twenty years of cryptanalysis by thousands 
of talented and less talented cryptographers and they still haven't 
found a flaw. It's only that it's key is too short... 3DES accquires 
this confidence and already survived a ten-year period of public efford 

So now - in the light of the scientifc definition - is GPGShell 

No, it isn't. If it was, it would have been analyzed by many different 
cryptogrpahers and security experts. Over a long time. Both did not 
happen (it's closed source and it's young).

Is gnupg secure? No. Is it more secure than gpgshell? Certainly. Why?
1. Because it's open source, so anyone who cares can audit the code
2. Because it's a pivotal piece of SW in the OpenPGP community and thus 
get's more attention.
3. Because it has been around for some time now.

> Watching BUGTRAQ for quite a while now, and I did not see
> GPGShell announced as having problems... this should mean
> something yes?

Yes. It could mean three things:
1. Nobody cares to check it because it's not a pivotal piece of SW.
2. Nobody cares to check it because it's source isn't readily available.
3. It really has no vulnerabilities.

Now, honestly: Which options do you think are the most likely ones? ;-)


- -- 
FTAA's anti-circumvention provisions represent US imperialism at its
worst. They seek to impose restrictive laws on both the US and other
countries, in order to prevent established US businesses from facing
both domestic and foreign competition.
              -- EFF FTAA Alert:
                 Stop Hollywood Forcing Technology Ban on 34 Countries
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see