GnuPG PRNG insecure?
wk at gnupg.org
Fri Feb 8 08:59:01 CET 2002
On Fri, 8 Feb 2002 19:10:18 +1300 (NZDT), Peter Gutmann said:
> (assuming it accurately implements the design in
> http://www.cryptoapps.com/~peter/06_random.pdf) the output is only taken from
It should implement a CSPRNG as described in your 1998(?) paper.
> Incidentally, this bug is identical to the PGP 2.x xorbytes bug, a web search
> for that name will find further discussion on this topic. I think copying
> xorbytes is taking GPG's PGP compatibility a bit far :-).
What worries me most is that it needed *4 years* to figure this bug
out _and_ report it. I'd have expected that some more people had a
close look at those critical things. It is a very sad thing that
there is so less truth in the claim that bugs in Free Software are
figured out very fast - I have seen too many counterexamples :-(
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus
More information about the Gnupg-devel