Hello I am sorry if this is a little off-topic but I am not sure where to ask. I use both, gpg and smime (the later either with gpgsm or with thunderbird)
Recently the German news magazine «Der Spiegel» [1] published more of
the «Snowden files», which reveal that gpg is NSA safe[2].
Does anybody know whether smime has the same level of security? There
are at least two possible weak spots.
- the generation and sign of the certificate, ideally the
generation of the keypair should be done by the crypto module of
the browser, but that could be hacked...
- the length of the key for the symmetric encryption.
Maybe there are others.
Any comments?
Thanks
Uwe Brauer
Footnotes:
[1] and I presume the Guardian and the New York Times as well.
[2] although the documents do not provide any information concerning
the key length and the gpg version
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
