On 07/25/2013 12:59 PM, Manu García wrote: > Hi. > > I'm not a member of this list, but have read an article that I'd like to > share, and put into your knowledge (if you don't know it already) because I > think is rather important. > In said article, about security in the Cloud you can read this: > > «Michael Bailey, a computer security researcher at the University of > Michigan, notes that the software attacked—an e-mail encryption program > called GNUPrivacy guard—is known to leak information, and that the > experiment wasn’t carried out inside a real commercial cloud environment.» > > Source: > http://www.technologyreview.com/news/506976/how-to-steal-data-from-your-neighbor-in-the-cloud/ > > I always thought that GnuPG was rather secure, but it seems that among > experts it's a well known weak and poor ciphering technology which no > security experts consider seriously. At least that's the impression I get > reading said article.
This work doesn't question the security of encrypted messages. It's clear from context that they're running GnuPG on a VM in the cloud. Even without VM-VM leakage, that's not secure, because the host can see everything. > Are devs taking some measures to make GPG really secure? We trust that they are ;) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users