Re: the safety of gnupg
- From: Todd Zullinger <tmz@xxxxxxxxx>
- Date: Wed, 31 May 2006 23:53:23 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tim wrote:
Tim:
I've just been reading some rather silly things about gnupg except
for one practical point: Who has actually checked the source code
for it to see whether it's trustworthy, etc?
And, of course, the next thing would be: Who would they be that
we could trust them, too? After a bit of Googling around, I'm
darned if I can find out, nor think of the right terms to search
for.
Bruno Wolff III:
gnupg is much less likely to have an intentional back door than
anything you get from a corporation.
That's a pretty broad brush you're painting with Bruno. :)
I do tend to agree though. I just wouldn't paint with such a dark
shade.
I tend to think so, too. But with something as important as gnupg,
considering that it, or some pgp-compatible thing, is used in
signing and checking packages, it ought to be verified as safe.
Both from things like backdoors, and just plain old mistakes. From
what I've seen, the mathematics of how to do PGP would seem to be
considered as reliable, but that's just the scheme. You also have
to check that the application is done right.
It's very difficult. The most recent flaws found in gnupg were around
for years before anyone found them. Noted security and crypto guru
Bruce Schneier wrote about that in his blog[1] and wrote an article a
few years before on open source security[2].
Another article was written by John Viega, one of the original authors
of Gnu Mailman, titled "The Myth of Open Source Security." In it he
talks about vulnerabilities that existed for years in Mailman without
anyone noticing.
Additionally, if you really want to be secure you have to audit much
more than just the gnupg package. After all, what would be the point
of making sure it's bullet proof if the underlying system libraries
that it uses are compromised or if your system is trojaned by some
obscure package that made it into extras? Anyone care to bet how easy
it might be to do a lot of damage intentionally before anyone noticed?
For a fascinating read (even if much of it is over my head), check out
Ken Thompson's "Reflections on Trusting Trust[3]."
All of that said, it's also good to keep in perspective that security
is never absolute and be able to weigh the risks versus the gains from
any measure you take. Sure, you can guarantee you'll never get
trojaned if you never use a computer, but that's going to an extreme.
:-)
One argument I see put forward about PGP, et al, is that anybody who
had found a flaw would be proudly crowing about it, but nobody has
so far. Though that's countered by anyone who'd found a flaw
because they wanted to exploit it, would be keeping it to
themselves.
Yes, this is a very good counter point. You have to have a lot of
hope that a good guy finds the holes before the bad guys do.
There was just a post on Bugtraq about a "nasty" security bug in PGP
and Truecrypt disk encryption. It even sounded bad on first read, but
it turns out that the folks that wrote the advisory are simply on
crack[4].
And after all that text, I don't have an answer to your question of
whether anyone has published a source code audit of gnupg. You may
want to try asking this question on the gnupg-users list to see if any
of the developers can point you to one. I think all the main devs
read that list. David Shaw and Werner Koch post there often and are
generally helpful and responsive fellows.
[1] http://www.schneier.com/blog/archives/2006/03/huge_vulnerabil_1.html
[2] http://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity
[3] http://www.acm.org/classics/sep95/
[4] http://www.securityfocus.com/archive/1/435007/30/150/threaded
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Friends may come and go, but enemies accumulate.
-- Thomas Jones
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iG0EARECAC0FAkR+ZLMmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt
ei5hc2MACgkQuv+09NZUB1qsowCfTumwH8t28rMDi2C8BlMRaMez1vgAoLP2Yitd
QZPz6OKymIs2UJLNbAY3
=giBC
-----END PGP SIGNATURE-----
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- Follow-Ups:
- Re: the safety of gnupg
- From: Bruno Wolff III
- Re: the safety of gnupg
- References:
- Re: the safety of gnupg
- From: Tim
- Re: the safety of gnupg
- Prev by Date: Re: LCD brightness
- Next by Date: Re: PDF files with Japanese fonts.. How to view?
- Previous by thread: Re: the safety of gnupg
- Next by thread: Re: the safety of gnupg
- Index(es):
Relevant Pages
|
