GPG is vulnerable to a severe denial of service (permanently bricking the keyring) when importing public keys, through multiple weaknesses. It's a systemic issue, not a specific problem. Rather than changing the instructions to work around GPG deficiencies, GPG won't be used. It's only suitable for use as a case study in how not to design and implement software. It's overly complex, with far too much attack surface, and has egregiously bad usability and security. The gpg implementation bugs permitting DoS attacks on keyrings are long-standing and are not being addressed in a timely manner by its developers.

signify is far simpler than the OpenPGP spec: it's less vulnerable to (keychain) exploits, its code is shorter, and it has a lower attack surface.

Daniel Micay (lead developer of GrapheneOS) decided to use signify instead of gpg because of many issues associated with gpg and the OpenPGP standard, including: