Why trust gpg4win?
Anthony Papillion
anthony at cajuntechie.org
Fri Jul 26 23:53:27 CEST 2013
On Jul 26, 2013, at 4:02 PM, "Jan" <takethebus at gmx.de> wrote:
>
> Still I wonder whether there are many sources for SHA1 sums of
> gpg4win, that could be used by a windows user to test the integrity
> of his download (C't ?). Are the SHA1 sums of gpg4win presented on
> the download site checked regularly by their authors?
If we believe Edward Snowden, the Security Services likely aren't
working to slip secret code into GPG anymore. Or at least it's not a
huge effort. With the endpoints (operating systems, software, etc)
they don't have to. There are a million different ways that a security
service could get at your data even if your encryption software is
absolutely perfect an unvompromised. Honestly, I'd worry much more
about the surround environment than the gpg code itself. That's not to
say ignore the code and it's integrity, but don't fall into the trap
of believing that, just because the badges check out, you're
completely safe.
Best Regards,
Anthony Papillion
More information about the Gnupg-users
mailing list