Problems
| The neutrality of this section is disputed. Please do not remove this message until the dispute is resolved. |
The OpenPGP standard specifies several methods of digitally signing messages. In 2003, due to an error in a change to GnuPG intended to make one of those methods more efficient, a security vulnerability was introduced. It affected only one method of digitally signing messages, only for some releases of GnuPG (1.0.2 through 1.2.3), and there were fewer than 1000 such keys listed on the key servers. Most people did not use this method, and were in any case discouraged from doing so, so the damage caused (if any, and none has been publicly reported) would appear to have been minimal. Support for this method has been removed from GnuPG versions released after this discovery (1.2.4 and later). Two further vulnerabilities were discovered in early 2006; the first being that scripted uses of GnuPG for signature verification may result in false positives, the second that non-MIME messages were vulnerable to the injection of data which while not covered by the digital signature, would be reported as being part of the signed message. In both cases updated versions of GnuPG were made available at the time of the announcement.
GnuPG is a command-line based system, that is not written as an API which can be incorporated into other software. GPGME is an API wrapper around GnuPG which parses the output of GnuPG, and various graphical front-ends based on GPGME have been created. This currently requires an out-of-process call to the GnuPG executable for many GPGME API calls. Because GPGME makes use of a special GnuPG interface designed for machine use, a stable and maintainable API between the components is given. Possible security problems in an application do not propagate to the actual crypto code due to the process barrier.
Read more about this topic: GNU Privacy Guard
Famous quotes containing the word problems:
“Our young people are diseased with the theological problems of original sin, origin of evil, predestination, and the like. These never presented a practical difficulty to any man,—never darkened across any man’s road, who did not go out of his way to seek them. These are the soul’s mumps, and measles, and whooping- coughs, and those who have not caught them cannot describe their health or prescribe a cure. A simple mind will not know these enemies.”
—Ralph Waldo Emerson (1803–1882)
“Imagination is a valuable asset in business and she has a sister, Understanding, who also serves. Together they make a splendid team and business problems dissolve and the impossible is accomplished by their ministrations.... Imagination concerning the world’s wants and the individual’s needs should be the Alpha and Omega of self-education.”
—Alice Foote MacDougall (1867–1945)
“The man who is forever disturbed about the condition of humanity either has no problems of his own or has refused to face them.”
—Henry Miller (1891–1980)