On 7/25/13, takethe...@gmx.de <takethe...@gmx.de> wrote: > Hi everybody, > > why should I trust gpg4win? I have doubts since it was ordered by the > "Bundesamt für Sicherheit in der Informationstechnik (BSI)", which has > close connections to secret services. Is gunPT any better? Finally, why > should I trust gunpg? > First of all, it is ok to have doubts. Basically, your concern is that some German federal institution implemented a back door in gpg4win (in this case). This is theoretically and practically possible, but there's one big problem with this: gpg4win (as gnupg, too) is _free software_ [1]. "Free" has to be understood as in "free speech" not "free beer" (although it often means both). This basically means, that everyone(!) can access, modify and redistribute the source code of the program (see [2] if you're interested). There are lots of people (usually volunteers from all over the wold) who do peer reviews on the sources (and if you start with [2], _you_ can be another one). Therefore, changes that look like back doors are VERY unlikely to find their way in a release, because hundreds of people are looking how the software evolves and will reject such a patch. This is the/a major thing behind the necessity for "free and open" software, such as the free operating system GNU/Linux. There's nobody you just have to trust, because _you_ can verify what the program actually does (as said above, by looking at the code and compiling it yourself).
( Besides, I think that, usually, the BSI people are good people. ) > I'm a windows user. When you're used to gpg4win (or OpenPGP/cryptography in general), I strongly recommend you to switch from windows to a free operating system, preferably GNU/Linux. You may also have a look at the various "Live CDs", e.g. [3] and [4]. You can download and burn an iso-image to a CD/DVD and then boot a complete GNU/Linux OS without making actual changes on your hard disk. [1] http://www.gpg4win.org/about.html [2] http://www.gpg4win.org/download.html, then look for "source code package" [3] https://tails.boum.org [4] http://www.knoppix.org/ Cheers, -- atair04 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users