Don't use 0.3.5 !!!

Werner Koch wk at
Fri Sep 18 11:53:18 CEST 1998

Please do not use vesion 0.3.5 of GNUPG!

I have applied a SERIOUS bug while implementing the weak key detection

All session keys (not the public keys) and keys for conventional
encryption are NOT random! 

            DON'T USE THIS VERSION! 

I moved a line of code instead of copying it.  See g10/seskey.c
function make_session_key() - It is a very stupid bug.

I apologize for this bad version.

To avoid such hassle in the future I'd suggest that some of you
should look over the diffs to see whether there might be serious
problems.  A complete code-walk would be goog idea anyway.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 259 bytes
Desc: not available
Url : /pipermail/attachments/19980918/665ed51f/attachment.bin

More information about the Gnupg-devel mailing list