GnuPG crypto library cracked, look for patches
What they found is that the libgcrypt library used what's called “sliding windows”, a method for carrying out the mathematics of cryptography – but one that's known to leak data. ... What they found was an unpleasant surprise: a complete break of the library's RSA-1024... <https://www.theregister.co.uk/2017/07/04/gnupg_crypto_library_cracked_look_for_patches/> Cue the conspiracy theorists lining up to say “Given the controversy surrounding GnuPG and the way they operate, one just has to wonder "bug or backdoor?"”
Oh, I didn't know we were doing snark on this list? Or is it simply an attempt at dismissing the obvious with ridicule? systemd has been mired in controversy since they began bullying their way into every corner of linux .... unless you've been hiding under a Waikato river rock the controversy hasn't been difficult to miss. It is well documented in many articles, google "systemd controversy" for example but I think enough has been said without escalating the controversy further, systemd should be approached with more than a healthy amount of suspicion ... libgcrypt is a dedicated crypto library that has nothing to do with systemd btw and RSA-1024 is not really used anymore in practice since it's basically obsolete. On Wed, 2017-07-05 at 07:39 +1200, Lawrence D'Oliveiro wrote:
What they found is that the libgcrypt library used what's called “sliding windows”, a method for carrying out the mathematics of cryptography – but one that's known to leak data.
...
What they found was an unpleasant surprise: a complete break of the library's RSA-1024...
<https://www.theregister.co.uk/2017/07/04/gnupg_crypto_library_cracked_look_for_patches/>
Cue the conspiracy theorists lining up to say “Given the controversy surrounding GnuPG and the way they operate, one just has to wonder "bug or backdoor?"” _______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/mailman/listinfo/wlug
On Wed, 05 Jul 2017 11:42:06 +1200, gb wrote:
systemd has been mired in controversy since they began bullying their way into every corner of linux ....
I have no idea how a Free Software project can “bully” its way into “every corner of Linux” ... which as you know is also a Free Software project. Which means you are Free to use it or not, as you choose. Some people choose not to use it, many others prefer it.
... unless you've been hiding under a Waikato river rock the controversy hasn't been difficult to miss. It is well documented in many articles ...
I see a lot of claims about a “controversy”, but it seems to be a lot of smoke with no fire. For example, repeated assertions that systemd is monolithic when in fact it is very modular, and you can build just the pieces you need (like with the Linux kernel, which suffered similar criticisms from the microkernel crowd in earlier times). systemd has become popular because it solves a whole lot of outstanding problems under one elegantly unified architecture. Like any piece of Free software, it has to succeed on its own merits, it has no big corporate backer with marketing muscle comparable to Microsoft or whoever to force it down the throats of people.
participants (2)
-
gb -
Lawrence D'Oliveiro