It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Originally posted by NoSoup4U
Our government has a "master key" for gpg and pgp too, but it ONLY works with gnupg versrions higher than gnupg-w32cli-1.2.2 . How do I know this? Well, I use gpg encryption in my current job all the time. It is 2048 bit ElGamel encryption that is done through the commandline. For some of the idiots I work with, I wrote a GUI front end completely using JAVA. Anyway, if you can find the version gnupg-w32cli-1.2.2 and use it, there will be no worries for the real paranoid person.
Originally posted by joesomebody
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?
I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.
I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.
Originally posted by joesomebody
Anyway, if there were a backdoor, wouldn't there be enough open source users and contributors that would break a story reporting it?
I mean, if the people who contribute code don't catch a backdoor that's actually there, wouldn't a few users end up getting arrested or something, bringing the news to light as well? I mean, since gnupg is used by probably millions of people, and the code is inspected by thousands of people every month, you'd think such a flaw/backdoor would be discovered.
I am a part of several projects, and mistakes get noticed pretty quickly. Imagine how fast a security flaw, then, would get noticed.
Originally posted by AlchemicalMonocular
No.
Take one of the most necessary and most utilized security projects that also uses encryption. Truecrypt.
No code review. This is much more the norm than the rule. No review done especially after initial project release.
Originally posted by H1ght3chHippie
The matter is rather simple.
There is no such thing as unbreakabke encryption.
Encrypting something only makes sense if there does exist a way to decrypt it.
When agents were unable to decrypt the computer, the grand jury issued a subpoena demanding the defendant produce any documents reflecting any passwords associated with the computer