On 04/08/11 17:11, Johan Wevers wrote:
> An even more subtle way to add a backdoor would be tampering with the
> RNG that creates the session keys and the factors in key generation. A
> bug such as this existed in the Unix version of pgp 5.0 and it took
> quite some time before it was found.

Let's not forget the bug in the Debian OpenSSL package that limited the key generation to about 2^15 keys.

Backdoors aren't limited to software where the source is not available. It can be subtly done so it won't be discovered. It's not always:

/* Open a shell if secret knock is received on door. Teehee. */
if (knock)
    execve ("/bin/bash", ...

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
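
What a key space of "about 2^15 keys" means for a defender, as an added example that is not part of the original post and is not OpenSSL or Debian code: every key the broken generator can emit can be listed once and deployed keys checked against that list. The hash-based toy generator, the fingerprint format and all names below are assumptions made for illustration.

```python
# Added illustration; a toy model, not the real OpenSSL key generation.
import hashlib
import secrets

SEED_BITS = 15  # "about 2^15 keys", as stated in the post


def derive_key(seed: bytes) -> bytes:
    """Toy deterministic key generator: output depends only on the seed."""
    return hashlib.sha256(b"toy-keygen-v1" + seed).digest()


def fingerprint(key: bytes) -> str:
    """Short identifier for a key (hypothetical format)."""
    return hashlib.sha256(key).hexdigest()[:20]


def weak_keygen(value: int) -> bytes:
    """Broken generator: only a 15-bit value ever reaches the seed."""
    return derive_key((value % (1 << SEED_BITS)).to_bytes(2, "big"))


def sound_keygen() -> bytes:
    """Reference generator: seeded with 256 bits from the OS CSPRNG."""
    return derive_key(secrets.token_bytes(32))


def build_blocklist() -> frozenset:
    """Fingerprint of every key the weak generator can ever produce."""
    return frozenset(fingerprint(weak_keygen(s)) for s in range(1 << SEED_BITS))


BLOCKLIST = build_blocklist()


def is_weak(key: bytes) -> bool:
    return fingerprint(key) in BLOCKLIST


def audit(keys: dict) -> list:
    """Names of deployed keys that must be regenerated."""
    return sorted(name for name, key in keys.items() if is_weak(key))


# Constructed inventory: two keys from the broken generator, one sound key.
INVENTORY = {
    "host-a": weak_keygen(4242),
    "host-b": weak_keygen(31337),
    "host-c": sound_keygen(),
}

if __name__ == "__main__":
    print(len(BLOCKLIST), "possible weak keys; regenerate:", audit(INVENTORY))
```

The generator's source looks ordinary when read line by line; the flaw only shows when the number of distinct outputs is counted, which is why such a bug can sit in open source for a long time.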