Actually my target audience isn’t “normal” people since normal people don’t have a PGP private key and probably don’t even know what PGP is. I said this before somewhere in the vast miasma of comments that this is a tool I wrote for my own use that I wanted to share with the LW crowd. (Note that there is not a PGP key generator or signature validator included with the tool.)
As for its value? Well, there is at least one person capable of usefully looking at my code who finds value in this tool: me. If no one else finds it helpful, that’s okay, the effort required to upload and share the app was pretty trivial. If other people DO find it helpful, then great, I’ve generated a bit of net utility for very little effort.
Value can be negative if people think something is secure when it isn’t (that’s not a claim that your software is insecure, just a general observation).
Since someone seemed to take issue with this, I’ll clarify: all the potential security flaws that we’ve discussed here operate under the assumption that I maliciously attempted to subvert the stated purpose of this tool. Since I am ~100% confident that I did not, in fact, do this, I am not too concerned.
all the potential security flaws that we’ve discussed here operate under the assumption that I maliciously attempted to subvert the stated purpose of this tool
This is not true at all. Security flaws of a crypto tool are bugs which make it less secure than expected and which the author is typically not aware of. Software with a hidden malicious load is just a trojan (or malware in general).
Note that I said “all the potential security flaws we’ve discussed here”. Not, “any possible security flaw.”
This is precisely why I’ve been annoyed by the direction this thread has taken. If someone wants to talk about potential flaws specific to this tool, I’m all ears. But instead it’s mostly been a discussion about all the different ways I could possibly slip a Trojan into this tool.
Actually my target audience isn’t “normal” people since normal people don’t have a PGP private key and probably don’t even know what PGP is. I said this before somewhere in the vast miasma of comments that this is a tool I wrote for my own use that I wanted to share with the LW crowd. (Note that there is not a PGP key generator or signature validator included with the tool.)
As for its value? Well, there is at least one person capable of usefully looking at my code who finds value in this tool: me. If no one else finds it helpful, that’s okay, the effort required to upload and share the app was pretty trivial. If other people DO find it helpful, then great, I’ve generated a bit of net utility for very little effort.
Value can be negative if people think something is secure when it isn’t (that’s not a claim that your software is insecure, just a general observation).
I’m not going to lose any sleep over that, at least with regard to the PGP tool.
Since someone seemed to take issue with this, I’ll clarify: all the potential security flaws that we’ve discussed here operate under the assumption that I maliciously attempted to subvert the stated purpose of this tool. Since I am ~100% confident that I did not, in fact, do this, I am not too concerned.
This is not true at all. Security flaws of a crypto tool are bugs which make it less secure than expected and which the author is typically not aware of. Software with a hidden malicious load is just a trojan (or malware in general).
Note that I said “all the potential security flaws we’ve discussed here”. Not, “any possible security flaw.”
This is precisely why I’ve been annoyed by the direction this thread has taken. If someone wants to talk about potential flaws specific to this tool, I’m all ears. But instead it’s mostly been a discussion about all the different ways I could possibly slip a Trojan into this tool.
I don’t believe I ever said anything like that.
You didn’t. Sorry, I should have clarified. When I said “this thread” I meant “the comments in general” and not your particular reply.