PGPfreeware 8.0: Not so good news for crypto newcomers
Pete Chown
Pete.Chown at skygate.co.uk
Sun Dec 8 14:14:13 EST 2002
> "You may have a constitutional right to use crypto software, but someone
> has to pay the developers. Free Speech is not the same as Free Beer."
Is there really any reason to use PGP these days? PGP 2 was solid
software. I've also tried all the releases from 5 to 7 and they were
all full of bugs. They also didn't comply properly with the OpenPGP spec.
I particularly remember PGP 6. I was developing something that
generated OpenPGP packets. Gnupg was happy, PGP would die with a SEGV.
I started digging into the source code to try to find out what was
going on, but it was hopeless. The bloat factor had taken over, and it
was impossible within my deadline to find out what its problem was, and
whether the SEGV came from an exploitable buffer overrun. (Eventually I
got things to work by switching encryption algorithms or something like
that, I forget the details now.)
I hope PGP 8 is better, but at the moment I would only recommend PGP 2
and gnupg on technical grounds. Inevitably it would be gnupg because,
strangely enough, it seems to have got written in spite of the fact that
it is freies Bier und freie Rede. :-)
--
Pete
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list