GPG weakness
mirimir
mirimir at riseup.net
Thu Jul 25 22:00:13 CEST 2013
On 07/25/2013 12:59 PM, Manu García wrote:
> Hi.
>
> I'm not a member of this list, but have read an article that I'd like to
> share, and put into your knowledge (if you don't know it already) because I
> think is rather important.
> In said article, about security in the Cloud you can read this:
>
> «Michael Bailey, a computer security researcher at the University of
> Michigan, notes that the software attacked—an e-mail encryption program
> called GNUPrivacy guard—is known to leak information, and that the
> experiment wasn’t carried out inside a real commercial cloud environment.»
>
> Source:
> http://www.technologyreview.com/news/506976/how-to-steal-data-from-your-neighbor-in-the-cloud/
>
> I always thought that GnuPG was rather secure, but it seems that among
> experts it's a well known weak and poor ciphering technology which no
> security experts consider seriously. At least that's the impression I get
> reading said article.
This work doesn't question the security of encrypted messages. It's
clear from context that they're running GnuPG on a VM in the cloud. Even
without VM-VM leakage, that's not secure, because the host can see
everything.
> Are devs taking some measures to make GPG really secure?
We trust that they are ;)
More information about the Gnupg-users
mailing list