GPG weakness

mirimir mirimir at
Thu Jul 25 22:00:13 CEST 2013

On 07/25/2013 12:59 PM, Manu García wrote:

> Hi.
> I'm not a member of this list, but have read an article that I'd like to
> share, and put into your knowledge (if you don't know it already) because I
> think is rather important.
> In said article, about security in the Cloud you can read this:
> «Michael Bailey, a computer security researcher at the University of
> Michigan, notes that the software attacked—an e-mail encryption program
> called GNUPrivacy guard—is known to leak information, and that the
> experiment wasn’t carried out inside a real commercial cloud environment.»
> Source:
> I always thought that GnuPG was rather secure, but it seems that among
> experts it's a well known weak and poor ciphering technology which no
> security experts consider seriously. At least that's the impression I get
> reading said article.

This work doesn't question the security of encrypted messages. It's
clear from context that they're running GnuPG on a VM in the cloud. Even
without VM-VM leakage, that's not secure, because the host can see

> Are devs taking some measures to make GPG really secure?

We trust that they are ;)

More information about the Gnupg-users mailing list