GnuPG PRNG insecure?

David Shaw dshaw at
Fri Feb 8 15:45:02 CET 2002

On Fri, Feb 08, 2002 at 08:54:04AM +0100, Werner Koch wrote:

> What worries me most is that it needed *4 years* to figure this bug
> out _and_ report it.  I'd have expected that some more people had a
> close look at those critical things.  It is a very sad thing that
> there is so less truth in the claim that bugs in Free Software are
> figured out very fast - I have seen too many counterexamples :-(

Make it worth their while.  Netscape used to give out money for each
verified bug report.  We could give them some free beer to go with
their free software. :)

I'd be willing to throw some money into a pot for people who find
security-related bugs in GnuPG.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list