|
Size: 982
Comment: new page created
|
Size: 3778
Comment: better phrasing of comment on EFF scorecard
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| === English * [[https://www.eff.org/de/secure-messaging-scorecard|EFF's Secure Messaging Scorecard]] , accessed 2014-11-06. Lists Gpg4win with "PGP for Windows" with the following attributes (//With early comments from -- [[bernhard]] <<DateTime(2014-11-06T16:42:19Z)>>//)) ** Encrypted in transit? Yes. ** Encrypted so the provider can’t read it? Yes. //Comment: with most messagers, the server provider also provides the software.// ** Can you verify contacts’ identities? Yes. ** Are past comms secure if your keys are stolen? No. //Comment: forward secrecy means an extra key-exchange before a message can be send. ~OpenPGP works offline, thus cannot provide it without losing this ability. And if you delete the used subkeys, the communication is "secure".// ** Is the code open to independent review? Yes. ** Is security design properly documented? Yes. ** Has the code been audited? No. //Comment: This is a wobbly argument, why would someone demand a fresh design audit, if an unchanged design is older than 12 month. Also code audits do not cover or find everything, you could also demand a high automatic test coverage or fuzzy testing with similiar wobbly results. Given that GnuPG is around a long while, many independent people looked at the code.// === German * 2014-08-29 Heise.de [[http://www.heise.de/newsticker/meldung/In-eigener-Sache-So-koennen-Sie-die-Redaktion-per-PGP-kontaktieren-2303996.html|In eigener Sache: So können Sie die Redaktion per PGP kontaktieren]] (German) * 2014-04-30 Golem.de [[http://www.golem.de/news/verschluesselung-kryptoparty-bei-golem-de-1404-106110.html|Kryptoparty bei Golem.de]] (German) * 2014-02-27 c't Sonderheft (Heise Zeitschriften Verlag) [[http://shop.heise.de/katalog/ct-wissen-sichere-e-mail|c't wissen Sichere E-Mail]] (German) * 2013-09-09 c't 2013, Heft 20, Seite 50 //Mail-Verschlüsseler Gpg4win aufgefrischt// (Short news item in German) * 2013-08-23 PC Magazin [[http://www.pc-magazin.de/news/gpg4win-2-2-verschluesselt-auch-mit-outlook-2013-1537425.html|Gpg4win 2.2 verschlüsselt auch mit Outlook 2013]] (German) * 2013-08-21 Heise.de [[http://heise.de/-1939546|Gpg4win 2.2 verschlüsselt E-Mails und Dateien]] (German) * 2013-08-10 DIE ~WELT: [[http://www.welt.de/print/die_welt/wirtschaft/article118878187/So-schuetzen-Sie-Ihre-Daten-im-Netz.html|So schützen Sie Ihre Daten im Netz]] (German) * 2013-08-09 Kölnische Rundschau: [[http://www.rundschau-online.de/netzwelt/postkarte-oder-brief-mail-verschluesselung-macht-den-unterschied,16129088,23957374.html|Mail-Verschlüsselung macht den Unterschied]] (German) * 2013-07-23 impulse - Das Unternehmer-Magazin (08/2013): [[http://www.impulse.de/management/hilfreiche-links-zur-e-mail-verschlusselung|Schlüssel fürs Postfach]] (German) |
Gpg4win in the press
English
- EFF's Secure Messaging Scorecard , accessed 2014-11-06. Lists Gpg4win with "PGP for Windows" with the following attributes (With early comments from -- bernhard 2014-11-06 16:42:19))
- Encrypted in transit? Yes.
- Encrypted so the provider can’t read it? Yes. Comment: with most messagers, the server provider also provides the software.
- Can you verify contacts’ identities? Yes.
- Are past comms secure if your keys are stolen? No. Comment: forward secrecy means an extra key-exchange before a message can be send. OpenPGP works offline, thus cannot provide it without losing this ability. And if you delete the used subkeys, the communication is "secure".
- Is the code open to independent review? Yes.
- Is security design properly documented? Yes.
- Has the code been audited? No. Comment: This is a wobbly argument, why would someone demand a fresh design audit, if an unchanged design is older than 12 month. Also code audits do not cover or find everything, you could also demand a high automatic test coverage or fuzzy testing with similiar wobbly results. Given that GnuPG is around a long while, many independent people looked at the code.
German
- 2014-08-29 Heise.de In eigener Sache: So können Sie die Redaktion per PGP kontaktieren (German)
- 2014-04-30 Golem.de Kryptoparty bei Golem.de (German)
- 2014-02-27 c't Sonderheft (Heise Zeitschriften Verlag) c't wissen Sichere E-Mail (German)
- 2013-09-09 c't 2013, Heft 20, Seite 50 Mail-Verschlüsseler Gpg4win aufgefrischt (Short news item in German)
- 2013-08-23 PC Magazin Gpg4win 2.2 verschlüsselt auch mit Outlook 2013 (German)
- 2013-08-21 Heise.de Gpg4win 2.2 verschlüsselt E-Mails und Dateien (German)
- 2013-08-10 DIE WELT: So schützen Sie Ihre Daten im Netz (German)
- 2013-08-09 Kölnische Rundschau: Mail-Verschlüsselung macht den Unterschied (German)
- 2013-07-23 impulse - Das Unternehmer-Magazin (08/2013): Schlüssel fürs Postfach (German)
- 2013-07-21 heise.de: Verschlüsselungssoftware GPG4Win unterstützt Outlook 2010 (German)
- 2013-07-21 golem.de: Gpg4win 2.2.0 soll Outlook 2013 unterstützen (German)
- 2013-07-10 ZDF-Morgenmagazin: E-Mails-richtig-verschluesseln (German)
- 2013-07-05 WDR: Hier haben Spione keine Chance (German)
- 2013-07-04 Spiegel-Online: Schutz gegen Internet-Spione: So verschlüsseln Sie Ihre E-Mails (German)