Don't use 0.3.5 !!!
kfort at kfort.dyn.ml.org
Fri Sep 18 10:16:59 CEST 1998
-----BEGIN PGP SIGNED MESSAGE-----
This is a little off track, but does anyone have any good ideas on how to
check those detached signatures using pine and gpg? If you hit e to export
the msg it copies the headers too and thats no good for a detached
signature. I guess I could write a program to strip out the headers and
mime stuff if I can figure out where exactly that begin and end. I also
found it a little humourous that the precedence on werner's message was
'bulk'. I will look at diffs if it helps out werner and the project. I
know its tough coding encryption stuff. Alot of pressure to do it right.
I also noticed last night that I wasn't able to decrypt messages made with
gpg with pgp. I didn't test this extensively, but it appeared to be
different then what was happening in 0.3.4 . The message was done using
cast5 and I even tried the -z 0 option. I guess signatures are still good
since I believe they are just encrypted using the public key scheme. oh
btw, I was never able to get gpg -c encrypt the multiple files. I thought
I had it working but it didn't. I tried about 3 or 4 different ways to do
it and always came up with a bug I couldn't figure out. So goes
programming I guess.
On Fri, 18 Sep 1998, Werner Koch wrote:
> Please do not use vesion 0.3.5 of GNUPG!
> I have applied a SERIOUS bug while implementing the weak key detection
> All session keys (not the public keys) and keys for conventional
> encryption are NOT random!
> DON'T USE THIS VERSION!
> I moved a line of code instead of copying it. See g10/seskey.c
> function make_session_key() - It is a very stupid bug.
> I apologize for this bad version.
> To avoid such hassle in the future I'd suggest that some of you
> should look over the diffs to see whether there might be serious
> problems. A complete code-walk would be goog idea anyway.
-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.3.5 (FreeBSD)
Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
-----END PGP SIGNATURE-----
More information about the Gnupg-devel