Don't use 0.3.5 !!!
Werner Koch
wk at isil.d.shuttle.de
Fri Sep 18 11:53:18 CEST 1998
Please do not use vesion 0.3.5 of GNUPG!
I have applied a SERIOUS bug while implementing the weak key detection
code!
All session keys (not the public keys) and keys for conventional
encryption are NOT random!
DON'T USE THIS VERSION!
I moved a line of code instead of copying it. See g10/seskey.c
function make_session_key() - It is a very stupid bug.
I apologize for this bad version.
To avoid such hassle in the future I'd suggest that some of you
should look over the diffs to see whether there might be serious
problems. A complete code-walk would be goog idea anyway.
Sorry,
Werner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 259 bytes
Desc: not available
Url : /pipermail/attachments/19980918/665ed51f/attachment.bin
More information about the Gnupg-devel
mailing list