Message-ID: <441B0F66.8030901@mibsoftware.com>
Date: Fri, 17 Mar 2006 14:35:02 -0500
From: "Forrest J. Cavalier III" <mibsoft@...software.com>
To: bugtraq@...urityfocus.com
Subject: Re: GnuPG weak as one guy with a spare laptop.
obnoxious@...h.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What is your point exactly? How secure are Verisign, Thawte or
> anyone else's servers outside of them just stating "We take X
> Precautions".

Do you argue "Some chains are weak" implies "All chains are weak"? Please
explain. I missed it.

I'll agree that software and certs from Verisign, Microsoft, Sun, Yahoo,
Citibank are also only as safe as those "X precautions".

What's your point in bringing them up? I don't trust their cryptography
software the way I trust GnuPG, so I'm not interested in discussing them
specifically.

It's easy to get "gpg --verify" to exit(0), but what that exit code _means_
matters to me, and that is determined by the precautions at the end points.

Do you have any knowledge of what those X precautions are, or if they can be
improved for GnuPG?

Forrest

P.S. I forgot to mention that I appreciate the honesty of Werner Koch's "spare
laptop disclaimer." Big corporations should be as transparent and honest.
Truth is there are many who are more lax than Werner Koch, but say they are more
diligent.