GnuPG PRNG insecure?

Werner Koch wk at
Fri Feb 8 08:33:01 CET 2002

On Thu, 7 Feb 2002 20:06:03 +0100, Stefan Keller said:

> The problem I see with this is, that previous data in our random
> pool is simply overwritten with new data. If our gathered data is

Thanks Stefan for pointing this out.  As Peter already mentioned, this
is not a serious flaw because an attacker is not able to mix data of
his choice in.  I fixed it of course.


Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

More information about the Gnupg-devel mailing list