GnuPG Turns 10

Happy Birthday to the GnuPG team and community. GnuPG turns 10 today! For those caught unaware, GnuPG was designed to be a Free Software implementation of PGP, removing the patented algorithms, such as RSA and IDEA, and replacing them with Free Software algorithms, such as Blowfish and ElGamal. As a strong advocate of GnuPG and cryptography in general, I consider this great news. Werner Koch mailed the GnuPG-Announce mailing list, giving a brief history of the project. Worth a read for anyone who uses GPG.

  1. maks | December 20, 2007 at 9:50 am | Permalink

    GnuPG should implement better coding style. It is a shame how many security updates it generates, and even the current state is quite dubious. See for example the fefe auditing that got no response from Werner Koch.

  2. Mark A. Hershberger | December 20, 2007 at 3:36 pm | Permalink

    Under GPG's response to CVE-2006-6235, Werner Koch writes:

    However, for reasons of code cleanness and easier audits we will soon start to change all these stack based filter contexts to heap based ones.

    And in another place, he says:

    This problem has been in GnuPG since the beginning but Jim seems to be the first one who noticed that. We need better auditing folks!

    So, it looks to me like he is responsive and even proactively changing things (e.g. stack- to heap-based).

    The only announcement I found of the fefe patch was on the Full Disclosure mailing list, and it isn't clear that he actually notified Werner Koch with a copy of the patch.

