[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Gnu PG is more Safe ?



No results about the last two books Peter! :'(

What about these books:

SSL TLS Essentials  Securing the Web
SSL and TLS Theory and Practice
Implementing SSL TLS Using Cryptography and PKI

Actually; I want to focus on the algorithms that are used on it.
Not just know or implement and doing things with these protocols!

Cheers to all,
Best Regards,

> Anthony Papillion <[email protected]> writes:
>
>>Because GnuPG is open source, it's been extensively peer reviewed and
>> found
>>safe and secure.
>
> That should actually say "because GnuPG is open source, people assume that
> someone else has extensively peer reviewed it and therefore assume that
> it's
> safe and secure".  For example there was a long-standing RNG bug that was
> very
> obvious if you looked at the code, but was only discovered by chance when
> someone who was interested in the RNG happend to read through the code and
> thought "hmm, surely that can't be right".  Having code that's open source
> doesn't help at all if no-one looks at it.
>
>>One of the best ways to learn about tech topics is reading RFC's. The
>> entire
>>way SSL/TLS operates is detailed in an RFC. Read I'd and you will be
>>infinately more informed.
>
> Argh, no.  The best way to confuse someone is to get them to read an RFC.
> Find
> a good book on the topic, e.g. for SSL/TLS there's Eric Rescorla's "SSL
> and
> TLS: Designing and Building Secure Systems".  Before that, read "Network
> Security: Private Communication in a Public World" by Kaufman et al.
>
> Peter.
>