GnuPG PRNG insecure?

Werner Koch wk at
Sun Feb 10 18:50:02 CET 2002

On Fri, 08 Feb 2002 20:04:58 +0100, Simon Josefsson said:

> Makes you wonder if this code was simply copied from PGP?  What about
> license etc?

  *a++ = *b++

is quite a common construct in C as well as 

  *a++ ^= *b++

The random code used by GnuPG is entirely different from the one in
PGP.  I wrote from the description in Peter's paper.

Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

More information about the Gnupg-devel mailing list