Peter Pentchev roam at
Thu Dec 13 11:37:11 CET 2007

On Wed, Dec 12, 2007 at 11:46:30AM -0800, nate eccels wrote:
> Does gpg have any trapdoors.

Even if it did have any, do you seriously expect anybody would come out
and say "Yes!" on the official public mailing list? :P

Humor aside, the answer ought to be "no" - although all that I can say
is "almost certainly no", since I have not myself done a full review of
the GnuPG code.  Still, there are lots and lots of people who *have* -
maintainers of GnuPG packages on all kinds of operating systems and
distributions, security researchers hoping for a quick claim to fame,
serious security researchers really interested in the risks of deploying
GnuPG in various kinds of environment...  Since nobody has come up with
anything so far, I personally am confident enough that, no, GnuPG does
not have any backdoors.

And just by the way, it really ought to be "backdoor", not "trapdoor",
when you are speaking about cryptography - because, strictly speaking,
GnuPG *does* implement various trapdoor algorithms, but that is actually
a very, very good thing :)


Peter Pentchev	roam at    roam at    roam at
PGP key:
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If there were no counterfactuals, this sentence would not have been paradoxical.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20071213/3e51058e/attachment.pgp 

More information about the Gnupg-users mailing list