On 24. 7. 2013 5:20, Anthony Papillion wrote:

True. So perhaps we can say it is "less likely" to have glaring bugs than it's proprietary counterparts. Sure, bugs will be overlooked or outright missed in any project of size. But with more eyes comes a better chance of bugs and backdiors being caught.

There is a paper on discovering vulnerabilities in open source and proprietary software you might find interesting: Härtig, Hermann, Claude-Joachim Hamann, and Michael Roitzsch. "The Mathematics of Obscurity: On the Trustworthiness of Open Source." Workshop on the Economics of Information Security 2010. http://weis2010.econinfosec.org/papers/session6/weis2010_haertig.pdf Kind regards Martin

Snarling disagreement, condescension and supplication, nectar and myrrh. Read books, quaintness from hell if not on SM in snippets. Inspired, the need to monetize crypto attacks rather than by "free cigarette sample" open source. That follows the well-paid bounty model of major software producers recently reported. Attackers build rep by hacks then convert to a business model, why this very list has successful graduates of this curriculum: if not extortion and exploits then by contracts, aka peacekeeping needing daily deposit of gash. It also follows the national intelligence model of grabbing open source material then classifying it as gov property sold back to the citizenry through the free market for extortionate security. Get some and copyright it. Cryptoanarchy is precisely this digital stash counterfeiting, RTF Bible by Rt Rev TCM. Tap his steel gate and die by his wildcats. Oh, and newbies are open source thieves working for OS spies, see the bible's classified Annex available by continuous automatic updates, not free to SOB TLAs running all possible crypto learning and hustling initiatives. This is WK fact, see frequent references in the archives, in the archives, oh, the archives will make you sagely numb. Need a numb sage lawyer to advise on your Crypto-AG racket? Stewart Baker is top of the sages ex-NSA, connected to all the others out to eat your baloney wich or hire you cheaply under life-wrecking NDA if a new immigrant still working in a cellar in PK. "Fuck cpunks to death." Is this still redacted here?

No results about the last two books Peter! :'( What about these books: SSL TLS Essentials Securing the Web SSL and TLS Theory and Practice Implementing SSL TLS Using Cryptography and PKI Actually; I want to focus on the algorithms that are used on it. Not just know or implement and doing things with these protocols! Cheers to all, Best Regards,

Anthony Papillion writes:

...

Because GnuPG is open source, it's been extensively peer reviewed and found safe and secure.

That should actually say "because GnuPG is open source, people assume that someone else has extensively peer reviewed it and therefore assume that it's safe and secure". For example there was a long-standing RNG bug that was very obvious if you looked at the code, but was only discovered by chance when someone who was interested in the RNG happend to read through the code and thought "hmm, surely that can't be right". Having code that's open source doesn't help at all if no-one looks at it.

...

One of the best ways to learn about tech topics is reading RFC's. The entire way SSL/TLS operates is detailed in an RFC. Read I'd and you will be infinately more informed.

Argh, no. The best way to confuse someone is to get them to read an RFC. Find a good book on the topic, e.g. for SSL/TLS there's Eric Rescorla's "SSL and TLS: Designing and Building Secure Systems". Before that, read "Network Security: Private Communication in a Public World" by Kaufman et al.

Peter.

Blibbet writes:

If there are other open source OpenPGP tools besides GnuPG and NetPGP, that would be welcome news.

cryptlib, http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html, been around for... well, longer than GPG has :-). Peter.