Thanks Peter, I was actually hoping the msg wasn't posted onto the list, as since I wrote it I successfully implemented the system using GPG 1.2. Which although contains less secure source (PGP 2.x has had longer for peer review, GPG has had longer to become infiltrated by spooks, has more places to hide backdoors, uses different algorithms, etc) seems to overall be a better solution. I thought the topic of the list was "the aspects of programming that involve security" which most definitely includes the design of crypto-based solutions. I didn't actually notice a Linux debate. :) However.. 1. In the real world, people still use legacy systems, a fact that linux geeks need to face. I can talk about DOS security if I want! If a corporate network uses a DOS system, then the security of that system is just as important as the rest of the corporate network. Security is only as strong as its weakest link - if that link is DOS-based, so be it. 2. Linux uses a GNU kernel, R. Stallman says so himself - a fact that GNU/Linux geeks need to face too. 3. Linux uses BSD components as well. BSD has a rich legacy others can only try and emulate. Which is why my favoured flavour is FreeBSD. Why play around, when you can get the Real Deal? Stuart On 23 Jan 2003 at 15:43, Peter Gutmann wrote: Date sent: Thu, 23 Jan 2003 15:43:44 +1300 From: pgut001at_private (Peter Gutmann) To: robert.morsonat_private, secprogat_private, stuartat_private Subject: RE: PGP scripting (reprise) > "Robert B. Morson" <robert.morsonat_private> writes: > > >Windows 95 and 98 use the same type of DOS as you could buy stand-alone many, > >many years ago (like DOS 6.22). > > > >Windows NT 4.0, 2000 and XP all use a DOS emulation, there is no longer a > >"division" between DOS and the Windows OS, like there was with 95 and 98. It > >is fairly common for DOS programs that ran under 95 and 98 to have problems > >with NT 4.0, 2000 and XP. Has to do with the fact that emulation is not the > >same thing as the original. > > I've resisted replying so far because I couldn't see that this was relevant > to a secure-programming list, but in an attempt to kill the thread: > > - I have run PGP for DOS on a variety of NT and Win2K systems without any > problems. > > - If you really want to run PGP 2.x under NT et al, get one of the Disastry > versions, which is the 2.x code built as a Win32 binary. > > We now rejoin the debate in progress over Linux vs. Gnu/Linux... > > Peter. -- Stuart Udall stuartat_private - http://www.cyberdelix.net/ ..revolution through evolution want to make some cash? check out http://cyberdelix.net/affiliates.htm
This archive was generated by hypermail 2b30 : Fri Jan 24 2003 - 12:22:16 PST