Why trust gpg4win?

Johan Wevers johanw at vulcan.xs4all.nl
Fri Aug 23 18:14:25 CEST 2013

On 23-08-2013 10:37, David Smith wrote:

>> Yes, I know the mantra, and I'm sure that obvious backdoors are not
>> present because they would be found rather quickly. However, more subtle
>> bugs leading to decipherable messages can take more time to find. The
>> infamous PRNG bug in PGP 5 on Unix is a well-known example.

> True, but I'm not convinced that closed-source software has any inherent
> advantage in this respect, so if you're really that worried, then your
> only other choice is to become a cryptography expert yourself and write
> your own software...

Oh, I most certainly agree that OSS is vastly preferable to closed
source, especially with crypto software. I only state that being OSS is
not a perfect guarantee against security flaws, not even against subtle
deliberate ones.

