Peter Gutmann (computer scientist)

From Wikipedia, the free encyclopedia
Gutmann speaking at Kawaiicon in Wellington, New Zealand in 2019

Peter Claus Gutmann is a computer scientist in the Department of Computer Science at the University of Auckland, Auckland, New Zealand. He has a Ph.D. in computer science from the University of Auckland.[1] His Ph.D. thesis and a book based on the thesis were about a cryptographic security architecture.[2] He is interested in computer security issues, including security architecture, security usability (or more usually the lack thereof), and hardware security; he has discovered several flaws in publicly released cryptosystems and protocols. He is the developer of the cryptlib open source software security library and contributed to PGP version 2. In 1994 he developed the Secure FileSystem (SFS).[3] He is also known for his analysis of data deletion on electronic memory media, magnetic and otherwise, and devised the Gutmann method for erasing data from a hard drive more or less securely. Having lived in New Zealand for some time, he has written on such subjects as weta (a group of insects endemic to New Zealand), and the Auckland power crisis of 1998, during which the electrical power system failed completely in the central city for five weeks, which he has blogged about. He has also written on his career as an "arms courier" for New Zealand, detailing the difficulties faced in complying with customs control regulations with respect to cryptographic products, which were once classed as "munitions" by various jurisdictions including the United States.

Criticism of Windows Vista[edit]

His white paper "Cost Analysis of Windows Vista Content Protection", in which he described the content protection specification as "the longest suicide note in history",[4] generated considerable public interest since it was first posted in 2006. He discussed this with Steve Gibson in episode #74 of the Security Now! podcast on 2007-01-11.[5]

Response to Criticism[edit]

In an article[6] written on September 1, 2007, George Ou offers a rebuttal to Gutmann's statements on Windows Vista. Peter Gutmann is quoted in reference to Windows Vista as saying, "Can others confirm this? I don't run Vista yet, but if this is true then it would seem to disconfirm Microsoft's Claims that the content protection doesn't interfere with playback and is only active when premium content is present.". This garnered criticism from audiences who didn't trust the primary use of secondhand information for detailed data, which was often found on forums. When the quality of Gutmann's research came into question, George Ou himself tested certain assertions from the white paper. He found significant differences between what was reported to be true and what was revealed to occur when performed firsthand, and failed to reproduce multiple alleged results in his own tests.

See also[edit]


  • Gutmann, Peter (2014). Engineering Security (Book Draft April 2014) (PDF). Peter Gutmann, Book Draft published online.
  • Gutmann, Peter (2003). Cryptographic Security Architecture: Design and Verification. Springer-Verlag. doi:10.1007/b97264. ISBN 0-387-95387-6. S2CID 27659379.
  • Gutmann, Peter (2000). The Design and Verification of a Cryptographic Security Architecture (PhD). University of Auckland. hdl:2292/2310.


  1. ^ Gutmann, Peter (2000). The Design and Verification of a Cryptographic Security Architecture (Doctoral thesis). ResearchSpace@Auckland, University of Auckland. hdl:2292/2310.
  2. ^ Gutmann, Peter (2000), The Design and Verification of a Cryptographic Security Architecture, ResearchSpace@Auckland, hdl:2292/2310, Wikidata Q111963905
  3. ^ Brown, Ralf D., ed. (2000-07-17). "INTERRUP.1ST". Ralf Brown's Interrupt List (61 ed.). Archived from the original on 2017-08-23. Retrieved 2017-08-23. (NB. See file INTERRUP.1ST.)
  4. ^ Gutmann, Peter (December 26, 2006). "A Cost Analysis of Windows Vista Content Protection". School of Computer Science. Faculty of Science. University of Auckland. Retrieved 2019-08-12.
  5. ^ Gibson, Steve (January 11, 2007). "Peter Gutmann on Vista Content Protection". Security Now. Episode 74. GRC Security Now! Transcript. Retrieved 2019-08-12.
  6. ^ "Gutmann Vista DRM paper uses shoddy Web Forums as source". ZDNet.

Further reading[edit]

External links[edit]