fwd: What good is this really going to be?
bem at cmc.net
Fri Dec 4 18:02:44 CET 1998
On Fri, Dec 04, 1998 at 07:34:40PM -0500, John A. Martin wrote:
> Do the dire RNG warnings below arise because the kludge RNG is used
> when signing a file or just because a gpg compiled with the kludge was
Hrrrm... You do need a random number (160 bits) for DSA signatures.
>From Applied Crypto: "If Eve ever recovers a k that Alice used to sign a
message, perhaps by exploiting some properties of the random-number
generator that generated k, she can recover Alice's private key, x."
So, yes, the warning is there for a reason.
You should be able to sign with PGP5 and have GPG verify it though.
It's not fully free, but it's better to be safe.
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
More information about the Gnupg-devel