[Pkg-gnupg-maint] Bug#739424: gnupg dies with "gpg: out of secure memory [...]" since 1.4.16-1
Werner Koch
wk at gnupg.org
Mon Sep 29 06:58:26 UTC 2014
> NIST 2012 also recommends similar key sizes (15360 bits).
These are only projections to show that there is a need to switch to EC
keys. Regarding the key size I can only point to the FAQ and the
endless discussions on gnupg-users.
> It is also against the GNU coding standards to have arbitrary limits such
> as these. ("Avoid arbitrary limits on the length or number of any data
The GNU standards partly recommend ideas dating back to a time the
Internet was young and innocent. Nowadays connecting a box to the
Internet means to vulnerable to a wide range of of attacks. Having no
limits on input data and allocating buffer dynamically is a an easy way
to DoS a service.
If you look at GnuPG code you will notice that there is no silent
truncation of lines. If there is one, please report it as a bug.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Pkg-gnupg-maint
mailing list