Skip to content
{ 2007 12 20 }

GnuPG Turns 10

Happy Birthday to the GnuPG team and community. GnuPG turns 10 today! For those caught unaware, GnuPG was designed to be a Free Software implementation of PGP, removing the patented algorithms, such as RSA and IDEA, and replacing them with Free Software algorithms, such as Blowfish and ElGamal. Being a strong advocate of GnuPG and cryptography in general, this is great news. Werner Koch mailed the GnuPG-Announce mailing list, giving a brief history of the project. Worth a read for anyone who uses GPG.

Posted by Aaron on Thursday, December 20, 2007, at 8:34 am. Filed under Cryptology, OSS. Follow any responses to this post with its comments RSS feed. You can post a comment or trackback from your blog.

{ 2 } Comments

  1. maks using Epiphany Epiphany 2.14 on Debian GNU/Linux Debian GNU/Linux | December 20, 2007 at 9:50 am | Permalink

    gnugpg should implement better coding style. it is a shame how many security updates it generates and even current state is quite dubious. See for example the fefe auditing that gave no response of Werner Koch.

    [Reply]

  2. Mark A. Hershberger using Epiphany Epiphany 2.20 on Linux Linux | December 20, 2007 at 3:36 pm | Permalink

    Under GPG’s response to CVE-2006-6235, Werner Koch writes:

    However, for reasons of code cleanness and easier audits we will soon start to change all these stack based filter contexts to heap based ones.

    And another place, he says

    This problem has been in GnuPG since the beginning but Jim seems to be the first one who noticed that. We need better auditing folks!

    So, it looks to me like he is responsive and even proactively changing things (e.g. stack- to heap-based).

    The only announcment I found of the fefe patch was on the full disclosure mailing list and it isn’t clear that he actually notified Werner Koch with a copy of the patch.

    [Reply]

Post a Comment

Your email is never published nor shared. Required fields are marked *

Powered by WP Hashcash