blob: 289b9af8c430056d0d60c24a42d40fd0e9e48679 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
Why to use GnuPG and not PGP.
-----------------------------
* PGP 2 is nearly Free Software but encumbered by the IDEA patent.
* PGP 2 is old, hard to maintain and limited to one set of
encryption algorithms (RSA + IDEA)
* PGP 2 is not a GNU or Unix Program and threfore not easy to use in
those environments
* PGP 2 has a couple of minor security flaws
* PGP 5 and 6 are more or less OpenPGP conform but proprietray
software. Source code is available but there is no way to be sure
that the distributed binary versions do match the source code.
Parts of the source code are not published. It is illegal to
build versions of PGP from source and distribute them (IIRC, there
is an exception for private users).
* PGP 5 and 6 are not fullty OpenPGP compliant
* PGP 7 is claimed to be OpenPGP compliant but the source code is
not anymore published.
* At least versions before 6.5.8 had severe coding bugs. We don't
know about PGP 7.
* PGP 5, 6 and 7 implement complicated methods for key recovering in
corporate environments. Although this is not a hidden feature,
this leads to more code and bugs.
* NAI as the vendor of PGP seems to be a major government contractor.
* Given the history of known backdoors in other proprietary software
(e.g. Lotus Notes), some folks claim that there might also be
backdoors in PGP 5, 6 and 7. Now there are even more rumors after
Phil Zimmermann left NAI.
* GnuPG is Free Software under the GNU GPL. It does not use
patented algorithms.
* Everyone is able to scrutinize the source code, build, distribute
and use versions of his own or from a trusted party he chooses.
* The build environment is also Free Software and therefore less
likely tampered with malicious code. The exception here is the MS
Windows version of GnuPG where the OS is proprietary. The binary
version however is build using an entirely Free Software OS and
toolchain (cross-platfrom development under GNU/Linux).
* Security fixes are provided very fast.
* GnuPG is a standard tool in all GNU/Linux systems and used in many
different environments.
* GnuPG gives reasonable messages and not just "Error encrypting".
* GnuPG supports most of the optional features of the OpenPGP standard.
* GnuPG comes with internationalization support for 16 languages.
* Graphical frontends are available and they divert the task of
the actual cryptographic operations to GnuPG as a specialized tool
for this. A library called GPGME is available which makes
interfacing of GnuPG with other programs quite easy.
* GnuPG is available for all GNU and Unix platforms as well as for
all MS Windows Operating systems. Porting to VMS, MAC OSX and
OS/2 is nearly finished.
|
