Gpg4win in the press
English
- EFF's Secure Messaging Scorecard , accessed 2014-11-06. Lists Gpg4win with "PGP for Windows" with the following attributes (With early comments from -- bernhard 2014-11-06 16:42:19))
- Encrypted in transit? Yes.
- Encrypted so the provider can’t read it? Yes. Comment: with most messagers, the server provider also provides the software.
- Can you verify contacts’ identities? Yes.
- Are past comms secure if your keys are stolen? No. Comment: forward secrecy means an extra key-exchange before a message can be send. OpenPGP works offline, thus cannot provide it without losing this ability. And if you delete the used subkeys, the communication is "secure".
- Is the code open to independent review? Yes.
- Is security design properly documented? Yes.
- Has the code been audited? No. Comment: This is a wobbly argument, why would someone demand a fresh design audit, if an unchanged design is older than 12 month. Also code audits do not cover or find everything, you could also demand a high automatic test coverage or fuzzy testing with similiar wobbly results. Given that GnuPG is around a long while, many independent people looked at the code.
German
press (last edited 2015-01-12 14:14:29 by bernhard)