GNU: A Heuristic for Bad Cryptography
4 months ago
- #security
- #cryptography
- #GNU
- GNU projects intersecting with cryptography are often poorly designed.
- GNU Name System (GNS) uses unconventional ECDSA over Curve25519 instead of Ed25519, raising security concerns.
- GNS employs AES and TwoFish in a cipher cascade with CFB mode, ignoring IND-CCA2 security.
- GnuPG and GnuTLS have a history of vulnerabilities and poor design choices.
- Recommended alternatives include age and minisign for GPG, and s2n, OpenSSL, or Libsodium for TLS/crypto needs.