On 23-08-2013 10:37, David Smith wrote: >> Yes, I know the mantra, and I'm sure that obvious backdoors are not >> present because they would be found rather quickly. However, more subtle >> bugs leading to decipherable messages can take more time to find. The >> infamous PRNG bug in pgp 5 on Unix is a well-known example.
> True, but I'm not convinced that closed-source software has any inherent > advantage in this respect, so if you're really that worried, then your > only other choice is to become a cryptography expert yourself and write > your own software... Oh, I most certainly agree that OSS is vastly preferable over closed source, especially with crypto software. I only state that being OSS is not a perfect guarantee against security flaws, not even against subtle deliberate ones. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
